FYI: Tavis is gonna work on FFmpeg security
Hah, I've been talked into working on research projects with @xorninja at @calif_io! Less drama, safer software! 😆
thAI Duong retweeted
Throwback to 2011: our founder @julianor (with @XorNinja, formerly at Google and now leading @calif_io) exposed critical flaws in SSL/TLS (HTTPS) with the BEAST attack at Ekoparty 🔥 🤯 Breakthroughs like these inspire the work we do at Coinspect today!
2011: Thai Duong and Juliano Rizzo demonstrated a proof of concept at the Ekoparty security conference to decrypt encrypted cookies, exploiting a vulnerability in TLS 1.0 and earlier. They named the attack BEAST (Browser Exploit Against SSL/TLS).
Twitter has become useless for me. What are all the crypto and security peeps hanging out these days?
New crypto attack AITM unleashed: Atlantic in the Middle Attack.
No car was harmed during this audit. We planned to tear apart my Subaru — it was gonna be a full-blown autopsy! I was ready to sacrifice my car for bugs. Luckily, the team figured out a way to build the attacks w/o any 4-wheel victims. Thank you Google for a fun engagement!
CVE-2024-10382: Arbitrary code execution in Android Auto and various apps open.substack.com/pub/calif/…
🚀 Wallet Security Ranking Launched! 🔎After months of thorough testing, our comprehensive crypto wallet security framework is live. ⚠️Which wallet do you use, and how did it score? ➡️We test, you decide. coinspect.com/wallets/
The DEF CON video of my talk 'Splitting the Email Atom' is finally here! 🚀 Watch me demonstrate how to turn an email address into RCE on Joomla, bypass Zero Trust defences, and exploit parser discrepancies for misrouted emails. Don’t miss it: portswigger.net/research/spl…
thAI Duong retweeted
The new leader of Vietnam, To Lam, is about to arrive in the US and the authorities have released a couple of political prisoners. Great news! But there are several more still in prison. I'm pleased to have signed this appeal for the release of the writer Huy Duc.
thAI Duong retweeted
Wormable Substack XSS: blog.calif.io/p/wormable-sub… It must have been years since the last time a wormable XSS was found in a major social media website. This beautiful type confusion XSS attack vector is a gift that keeps on giving. But most of all, @samykamkar is our hero!
Type confusion attacks in ProseMirror editors blog.calif.io/p/type-confusi…
thAI Duong retweeted
Really thrilled and truly honored to receive this year's Pwnie Award for Most Innovative Research with @le_douds. It's a wonderful wrap-up for our work. Can't wait to start the next journey of our research. Great thanks to @PwnieAwards! #defcon32
Thrilled to release my latest research on Apache HTTP Server, revealing several architectural issues! blog.orange.tw/2024/08/confu… Highlights include: ⚡ Escaping from DocumentRoot to System Root ⚡ Bypassing built-in ACL/Auth with just a '?' ⚡ Turning XSS into RCE with legacy code from 1996
This is vulnerability research at its finest. The researcher examined the most complicated structure that most people would just avoid to discover the most obvious vulnerability that has evaded detection for years.
If you're into beautiful attacks, check out this piece of work by @rskvp93. ProseMirror is a powerful web editor used by the NYT, The Guardian or Atlassian. Its rather complicated design spec is 100+ pages in print. @rskvp93 was like, "Oh the spec has a bug in page 79."
Type confusion attacks in ProseMirror editors blog.calif.io/p/type-confusi…
thAI Duong retweeted
I learned about Padding Oracle in 2010 when @julianor and @XorNinja released their bug against ASP.NET. I always loved how clever the vulnerability was, and over many years I encountered it in multiple penetration tests 🧵.
thAI Duong retweeted
We analyzed a LockBit v3 variant, and rediscovered a bug that allows us to decrypt some data without paying the ransom. We also found a design flaw that may cause permanent data loss. This is a joint work with @cPeterr. Enjoy! blog.calif.io/p/dissecting-l…
thAI Duong retweeted
Join @j00ru as he shares his research/adventure through the Windows Registry: googleprojectzero.blogspot.c… 50 CVEs is just the beginning. Future posts will explore the attack surface, history, practical exploitation using hive memory corruption, cell indexes and other good times🎉
thAI Duong retweeted
CVE-2024-0517, a Chrome V8 Maglev compiler optimization RCE vulnerability, has been derestricted (along with exploit code). This was reported by our teammate @__suto issues.chromium.org/issues/4…