Zeyu (Zayne) | @[email protected]
@zeyu2001
Followers
1,513
Following
544
Media
162
Statuses
637
CS @Cambridge_Uni | Software and security engineering at OGP, @cure53berlin (ex: TikTok) | CTFs @Water_Paddler , @seetf_sg , DEF CON 31-32 finalist
Singapore
Joined September 2021
Don't wanna be here?
Send us removal request.
Explore trending content on Musk Viewer
Telegram
• 1337018 Tweets
#FREEDUROV
• 294996 Tweets
Hezbollah
• 144063 Tweets
#ดาราล้อกันเล่นxชาล็อต
• 98093 Tweets
Lebanon
• 86228 Tweets
嫌いボタン
• 67615 Tweets
#MarkTuanxVALORANT
• 42229 Tweets
Mark Tuan Superpower Stage
• 26670 Tweets
FortPeat FanParty
• 26135 Tweets
新潟2歳
• 25389 Tweets
GULF DHEVAPROM FANCON
• 20894 Tweets
アルコス
• 15876 Tweets
サトノレーヴ
• 15165 Tweets
ビシエド
• 14418 Tweets
#SFormula
• 12863 Tweets
キーンランドカップ
• 11510 Tweets
Pinned Tweet
Hey, I now own ! I'm also revamping my personal website and thought it made sense to write my first post about where I am in life right now and why I'm taking a step back from popping shells for now!
5
4
46
Unrelated to the corCTF challenge, I was writing about "same-site leaks" using <object>. Maybe I should write something new now that there's the corCTF challenge 🤔
6
30
134
#OSWE
certified!
Was a really fun challenge, and I actually learnt new techniques from the exam boxes! My advice is to just treat it like a CTF 😅
16
2
120
time flies... I crossed 1,000 reputation on
@Hacker0x01
? I remember almost giving up last year after my first 5 findings were all duplicates lol
3
3
80
@intigriti
jquery.query-object is vulnerable to prototype pollution. The descriptor object doesn't define the value property so we can pollute descriptor.value. __proto__[value]=true&cmd=alert(document.domain)
5
6
81
I will never be 21 and whining about CTF infrastructure from a luxury suite in Vegas with my teammates again.
Earlier this month, I participated in the DEF CON 31 CTF and Midnight Sun CTF. This post serves as proof that I touched grass along the way.
2
2
79
Wrote many interesting challenges for SEETF this year. Some highlights:
• 0day SSRF bypass in PlantUML
• Client-side desync
• XS-Leak by abusing Chrome's URL length limits
• WASM buffer overflow
Challenge sources and solutions:
Thanks for playing!
0
9
79
why bother finding 0days to make CTF challenges when you can just pretend there's a 0day and wait for the participants to find one
5
5
67
offsec/vr is really fun as a hobby, but quickly gets dull as a job. much of my past year has been spent on finding a good balance, but now I've discovered so many other hobbies that I don't spend much time hacking things anymore... maybe I'll find that spark again at defcon?
4
1
64
I stepped out of my comfort zone and gave my first live-audience conference presentation at
@BSidesLondon
today!
Thank you
@roachy
and the rookies team for getting me settled in and easing my nerves! I'm really excited to try speaking to a larger audience in the future.
5
1
64
I made some slides on the DEFCON qualifiers web challenges for some singapore students. I'm too lazy to make writeups sooo
3
9
59
deleted this because it was a "0day" but author said it's fine so it's back - AsmBB XSS to RCE from hxp CTF 2023 (credit to great teammates)
2
11
50
being in academic environments has always been hard for my mental health, but i was always too afraid to admit it. cambridge is not easy, it has taken a toll on my mental health, and i'm finally willing to admit it. so excited to see a therapist for the first time in my life.
2
0
48
I'm an
@offsectraining
User Generated Content (UGC) author! Recently submitted a machine, Charlotte, based on some security work I did last year. Can't wait for people to try it on Proving Grounds and untangle Charlotte's "web" 🌐 of vulnerabilities!
1
5
44
ez rce in 10 seconds with python
while True:
print("root
@pentagon
~$ ", end="")
os.system(input())
BOOM rooted 🔥🔥🔥
subscribe to my udemy course and patreon for more tips & tricks
#bugbountytips
#rce
#0day
5
3
46
Giving a 45 minute talk on modern client-side web security tomorrow. Fun stuff from novel XS-Leaks to the insecure mess of browser extensions. I'm totally not preparing my talk as I'm typing this.
1
0
43
Thank you
@PortSwigger
for the swag! Proud to be one of the first 100 people to be
#burpsuitecertified
.
2
1
42
gg! guess I can finally say I'm a dEFcOn CtF 2023 finAlIsT
artifact bunker and brinebid were decent web challenges, we don't talk about raw water
3
0
43
"Smuggler" and "Wild DevTools" from
@BSidesTLV_CTF
are the best web CTF challenges I've played in a long time - can't wait to write these up!
5
8
43
@BSidesLondon
@roachy
I spoke about XS-Leaks on the modern web. Slides from today are available at
0
7
41
local CTF drama is rookie shit compared to codegate drama
1
0
42
Great to see CTFers getting the recognition they deserve. Something like this coming from government is truly rare.
1
1
40
Wrote up some interesting web challenges from HackTM CTF by
@WreckTheLine
. Pretty cool stuff - I found an unintended solution to "secrets" and some weird Chrome behaviours along the way.
2
5
39
I wish there was something like CTFs (for security hiring) for SWE hiring that isn't leetcode...
2
1
40
This is my last week securing the kids dancing app. Super grateful to the people who took a chance on me, offering me a pre-uni internship. During my time here, I found 50+ vulnerabilities and worked on cool projects. Excited to start a new chapter - back 2 school after 3 years!
1
1
39
In 2022:
- got accepted into my dream uni
- found my first CVEs
- gave my first conference talk (albeit on Zoom)
- got my OSWE
- lined up an internship for next year
-
@seetf_sg
hosted our first CTF (!)
Super grateful for the opportunities & can't wait for what 2023 holds 💙🤞
2
0
36
I barely have any time to play CTFs (or do any kind of self-learning for that matter, outside of exam revision) nowadays. Ironically I find myself looking forward to the end of the AY to start learning things I care about, instead of random physics applications of vector calc etc
1
0
37
I wrote a web challenge this year. Enjoy 😬
🚀 ACSC 2024 (Asian Cyber Security Challenge) is Happening!🚀
📅 March 30-31, 2024 🌟 Mark your calendars!
🔜 Registration opening soon. Don't miss out!
More details here ▶️
#ACSC2024
#CyberSecurity
#SaveTheDate
0
37
84
0
0
35
writing a webassembly challenge calls for some soju...
1
1
34
Scored a first blood on the last CTF on the last day of 2022. Happy new year all!🥳
4
1
34
having to mention "cybersecurity conference" to US immigration after getting selected for TSA's "SSSS" extra screening is a traumatising experience I won't wish upon my worst enemy
4
0
33
clearing out my room and found some stuff lying around, told my parents to have fun with them and they came up with this. it's so cute 🥺
1
0
34
We got 2nd place! Really fun first-time hacker summer camp experience, and had lots of fun meeting teammates for the first time. Thanks to everyone who came down. With this experience I'll be more confident next year 💪
0
0
34
no crazy request smuggling 0days this year, but I wrote some (hopefully) interesting web challenges. come play this weekend!
3
2
34
CVE-2022-25763 and CVE-2022-28129, discovered while writing the SEETF request smuggling challenges :)
1
1
32
IMO, someone who plays CTFs / does bug bounties / reported legitimate CVEs >> someone who has every cert but does not do any of these. After from the HR screen it doesn't really do much. Of course if someone else (like employer) pays for it then yeah it's worth the effort.
3
0
32
Finally got around to doing this! No more stickers collecting dust, and no more saying goodbye to stickers when replacing laptops :)
3
1
30
hear me out if everyone merged into 10 teams for defcon ctf we can all go
2
0
31
can't believe the first time I'm seeing northern lights is in... Cambridge
2
0
30
been a while, finally farmed another 2 CVEs. these were from the challenge I wrote for SEETF23
0
0
30
Honestly it's finally dawning on me that I'm actually starting a CS degree at Cambridge in a month's time. 2 years ago I got rejected from almost every US school I applied to. The process was so draining and demoralising that I didn't even want to try studying overseas anymore.
6
0
31
I used to do ctf every weekend and get burnt out, now I do ctf once every 3 months and ride the dopamine rush to 2nd place 🤷♂️
MOCA CTF Quals is over!
Here are the teams who swore the most against our absolutely non-cursed challs. Seems like MarcoG is not the only author to cause PTSD, web authors really need to touch the grass. Very hard, with the face.
See you in Pescara, arrosticini are waiting!
1
6
16
1
0
30
Going back home to 🇸🇬. Can't believe the CTF world tour coming to an end... I had so much fun 😭 how am I gonna get used to being a normal person again
0
0
30
Won 2nd place at a hackathon today as a solo team. Honestly, I think solo-ing a hackathon is a great experience to do once, just to test your skills & limits - never doing it again though... 😴
1
1
28
I averaged 1 country per month this year. 🇸🇬🇯🇵🇰🇷🇷🇴🇺🇲🇩🇪🇸🇪🇮🇸🇬🇧🇮🇹🇫🇷🇲🇹
2
0
28
be careful what you ask for
2
1
28
I'm ashamed to admit it but I once hoarded flags for a CTF. Please give me my UK visa.
2
0
25
Some interesting challenges from niteCTF:
Protip for all future subdomain takeover challenges - make sure your exploit page path isn't guessable, or someone (definitely not me) is gonna steal your flag 😅
0
3
24
my 3am brain's thoughts on regular expressions:
0
0
25
100% recommend driving 8 hours from vegas nerd fest to touch grass at yosemite!
0
1
24
guess i have a company now. life is strange
4
1
23
had a 6 hour layover at Helsinki, where I did 3 CSAW quals challs 🧊
0
0
23
meeting crazyman irl is a life-changing experience
Nice day in NUS and we got 1st in greyhat CTF 2023 Final.Meanwhile I'm really happy to see friends onsite :D
Thanks for the organizers of greyhat CTF 2023 final.Challenge are interesting and great!
7
2
98
2
0
22
Kind of strange flying 15 hours to get to Taiwan, when my home is only 4 hours away. Anyway I'm here for HITCON!
0
0
22
So, SEETF 2023 went really well. But it's missing one thing. One of the best things about CTFs is being able to meet talented individuals in person, and we want to do that with SEETF.
Here comes the problem - hosting an on-site CTF is hard, even more so for a small team like us.
1
0
22
I love my team I love my team I love my team I love my team I love my team I love my team I love my team I love my team
3
1
22
since this year's defcon finals weight is 34, this means that
@cursedCTF
has the potential to be 73% as significant as defcon finals
0
1
21
it's the time of the year again where I'm designing the ctf platform and I'm once again reminded of how much I hate css
1
1
21
After semi-tryharding some H1 programs over the past few weeks, I finally feel comfortable displaying this valuable skill on my LinkedIn profile. Truly an incredible skill to learn. More to come!
2
0
21
Christmas in Malta with Friendly Maltese Citizens (and Friendly U.S. Citizens and Friendly Greek Citizen)
0
0
21
It's a wrap for SEETF 2022! Here's something I wrote from a CTF-organisational point of view. It also talks a bit about our challenge infrastructure, which I was in charge of:
If anyone is interested!
3
1
21
got all the flags for my OSWE! 24 hours left to tidy up my exploit scripts and take all the screenshots I need 😋
0
0
20
I'm kinda drained from replying to Discord DMs, I guess when people do CTFs it's tempting to just DM the author instead of opening a ticket, but "can I please get a hint" distracts me from legit DMs and I end up forgetting about them
1
0
19
I got a £35 haircut this week at a salon and officially ended my "stereotypical CS look" era
4
0
20
ctf burnout is real, maybe I'll just hibernate until defcon
2
0
20
My 4 web challenges that are still unsolved:
- Wasmabism
- ezXXE
- Now You C Me
- Star Cereal Episode 4: The Revenge of the Breakfast
Come be the first one at
1
1
18
the hotel WiFi took like 10 mins to clone the repo but I worked on a small contribution to while in Japan :)
0
2
19
why are people actually paying $5 for a flag
4
3
19
Try my web challenge!
🚀 ACSC 2024 registration is LIVE! 🚀 Gear up for the cyber showdown on Mar 30-31. Top 15 CTF players could represent Asia in Chile! 🌎
🔗 Register:
More details →
#ACSC2024
#CyberSecurity
#CTF
#ACSC2024
1
24
52
0
2
18
I was gonna be productive today and work on my assignment but I got distracted hacking the autograder instead
0
0
19
Craziest hackathon story just happened to me. There was another team with the same name as us. It was announced really early on that they won a (slightly smaller) prize. So naturally we thought they won this prize too. Today I got an email saying we actually won the top prize...
0
0
19
first blooded something in HTB Business CTF
0
0
19
