Pumpkin 🎃 @u1f383

Security researcher at DEVCORE. Focus on Linux kernel.

u1f383.github.io
Joined December 2013
Pumpkin 🎃 retweeted
Trend Zero Day Initiative
 @thezdi
Oct 21
Confirmed! All that's old is new again as the @DEVCOREteam used multiple injections and a format string bug(!) to exploit the QNAP TS-453E. Their unique bugs earn them $40,000 and 4 Master of Pwn points.
2
17
201
Met the CoR guys and lots of researchers at Hexacon 2025! I’ll never forget it!☺️
Crusaders of Rust @cor_ctf
Oct 13
We at CoR (+ @u1f383) had a great experience at @hexacon_fr this weekend Met many skilled VR people, the venue was amazing, and the speaker gifts were simply🔥 Best offensive security conference we have seen so far - thanks again to the organizers for the opportunity!
2
35
It's awesome that William made a stable exploit to get RCE through the Linux kernel SMB server (ksmbd). It is difficult, but he nailed it! You've got to read his post to see the tricks and strategies he used 😆.
Crusaders of Rust @cor_ctf
Sep 14
Say hello to Eternal Tux🐧, a 0-click RCE exploit against the Linux kernel from KSMBD N-Days (CVE-2023-52440 & CVE-2023-4130) willsroot.io/2025/09/ksmbd-0… Cheers to @u1f383 for finding these CVEs + the OffensiveCon talk from gteissier & @laomaiweng for inspiration!
3
37
266
Pumpkin 🎃 retweeted
Andrey Konovalov
 @andreyknvl
Sep 11
Wrote a trigger for CVE-2025-38494/5 (an integer underflow in the HID subsystem) that leaks 64 KB of OOB memory over USB. Still works on Pixels and Ubuntus (but the bug is fixed in stable kernels). github.com/xairy/kernel-expl…
5
81
5
502
Pumpkin 🎃 retweeted
Gerrard Tai @gerrard_tai
Sep 10
Some of the things I was up to at @starlabs_sg... gerrardtai.com/anatomy-of-a-…

The anatomy of a bug: 6 Months at STAR Labs

As July came to an end, so did my 6 months at STAR Labs. I started a three-month internship at the Singapore-based vulnerability research firm in February, before deciding to extend my time there...

gerrardtai.com
3
29
136
Pumpkin 🎃 retweeted
Shreyas Penkar
 @streypaws
Sep 9
My research on CVE-2025-38352 (posix-cpu-timers TOCTOU Race condition) which was released in @Android Sept 2025 Bulletin, covering the internals, the patch-fix, vulnerability analysis, and a demo of a PoC that caused a crash in the Android kernel. Blog: streypaws.github.io/posts/Ra…

Race Against Time in the Kernel’s Clockwork

An in-depth exploration of the Linux POSIX CPU Timer Subsystem, including patch analysis and vulnerability insights for Android Kernel CVE-2025-38352.

streypaws.github.io
4
50
1
206
Last weekend, I participated in corCTF and solved the Android Pwn challenge - corphone. It was a great challenge, and I learned a lot from it. Here's my write-up :) u1f383.github.io/android/202…

corCTF 2025 - corphone

Last week, I participated in corCTF as part of team Billy (simply because my friend Billy (@st424204) was also playing it in his free time) and solved an Android pwn challenge, corphone. Although I...

u1f383.github.io
1
54
1
235
Pumpkin 🎃 retweeted
Tim Willis @itswillis
Aug 8
That time when @tehjh was just reviewing a new Linux kernel feature, found a security vuln, then went on a journey to see if he could exploit it from inside the Chrome Linux Desktop renderer sandbox (spoiler: very yes) googleprojectzero.blogspot.c…
49
3
135
Our latest post details how we exploited Retbleed (a CPU vulnerability) to compromise a machine from a sandboxed process and VM! Curious? 👇 bughunters.google.com/blog/6…

Blog: Exploiting Retbleed in the real world

Curious to hear about our experience exploiting Retbleed (a security vulnerability affecting modern CPUs)? Then check out this post to see how we pushed the boundaries of Retbleed exploitation and...

bughunters.google.com
56
4
210
Pumpkin 🎃 retweeted
Shreyas Penkar
 @streypaws
Aug 6
Inspired by @__sethJenkins's cool research on the adsprpc driver in Android, I took a deep dive into the codebase and documented the internal workings of the @Qualcomm DSP Kernel Driver (FastRPC implementation). Blog: streypaws.github.io/posts/DS…

Qualcomm DSP Kernel Internals

In depth internals on Qualcomm DSP Kernel (FastRPC implementation)

streypaws.github.io
1
38
113
Pumpkin 🎃 retweeted
starlabs @starlabs_sg
Aug 3
Reverse engineering Google's undocumented DSP pays off! Our co-workers @st424204 & @Peterpan980927 found the first public vuln in Pixel 8's DSP → kernel takeover MTE? What MTE? 😎 Their talk got accepted at @HacksInTaiwan hitcon.org/2025/en-US/agenda…

Cracking the Pixel 8: Exploiting the Undocumented DSP to Bypass MTE - HITCON 2025

Last year, we uncovered the first publicly known security vulnerability in Google's proprietary Digital Signal Processors (DSP) embedded in the Pixel 8. This processor was previously undocumented and...

hitcon.org
3
48
1
189
Pumpkin 🎃 retweeted
Andrey Konovalov
 @andreyknvl
Jul 28
Documented instructions for setting up KGDB on Pixel 8. Including getting kernel log over UART via USB-Cereal, building/flashing custom kernel, breaking into KGDB via /proc/sysrq-trigger or by sending SysRq-G over serial, dealing with watchdogs, etc. xairy.io/articles/pixel-kgdb

📲 Debugging the Pixel 8 kernel via KGDB

Instructions for getting kernel log, building custom kernel, and enabling KGDB on Pixel 8

xairy.io
5
143
1
472
Pumpkin 🎃 retweeted
Crusaders of Rust @cor_ctf
Jul 24
corCTF 2025 is a little over a month away!🚩 This year, we have a prize pool worth over 10k, with 9k in cash prizes! 💵 As for the first teaser, we are introducing CoRPhone! Are you ready to pwn an Android kernel, exfiltrate chat logs, and save a 1 million dollar pigeon?👀
1
12
98
Pumpkin 🎃 retweeted
Crusaders of Rust @cor_ctf
Jul 11
Here is our 0day for kernelCTF🩸 - 82k bounty - quickest submission ever - all instances pwned😎 syst3mfailure.io/rbtree-fami… Disclaimer: We apologize for abusing the red black tree family. Turning grandparents against grandchildren is only acceptable in the context of pwn😤

[CVE-2025-38001] Exploiting All Google kernelCTF Instances And Debian 12 With A 0-Day For $82k: An...

CVE-2025-38001 is a Use-After-Free vulnerability in the Linux network packet scheduler, specifically in the HFSC queuing discipline. When the HFSC qdisc is utilized with NETEM and NETEM packet...

syst3mfailure.io
Crusaders of Rust @cor_ctf
Jun 23
Exploit write-ups for our 🚨latest 0-day🚨and the tragedy that swept the red black tree family dropping soon 👀 Here is a tiktok style video for those of you with no attention span thanks to slop and social media. Turn on the audio!!!
76
2
311
Pumpkin 🎃 retweeted
Orange Tsai 🍊
 @orange_8361
Jul 3
This will be one of the few OSEE trainings held in Asia. Welcome to Taiwan :) blog.orange.tw/posts/2025-07…

從 Web 狗的視角看 OSEE — 從 0.1 開始的 Advanced Windows Exploitation 考試

✅:『課程結束後一年內要考到 OSEE 證照喔』🍊:「安啦,有一整年能準備哪不行」 (⏳⋯⋯) ✅:『公司下個月開始宣傳課程,到時候要有心得文唷』🍊:「好(默默打開 OffSec 網站排了死線前一天考試)」 (⏳⋯⋯) 🍊:「下禮拜就要考試了,怎麼會這樣 ヽ(゚Д゚≡゚Д゚)ノ 」✅:『你到底在幹嘛???』 這篇文算是自己準備 OSEE 考試的一點小心得,關於課程內容大家可以參考上一

blog.orange.tw
4
32
268
This post is also available on DEVCORE's blog. en: devco.re/blog/2025/06/26/the… zh-tw: devco.re/blog/2025/06/26/the…
1
13
A bit late, but I just published my blog post on bypassing Ubuntu’s sandbox! Hope you enjoy it! u1f383.github.io/linux/2025/…

The Journey of Bypassing Ubuntu’s Unprivileged Namespace Restriction

u1f383.github.io
5
114
3
394
Pumpkin 🎃 retweeted
Crusaders of Rust @cor_ctf
May 30
🚨🚨🚨We just broke everyone’s favorite CTF PoW🚨🚨🚨 Our teammate managed to achieve a 20x SPEEDUP on kctf pow through AVX512 on Zen 5. Full details here: anemato.de/blog/kctf-vdf The Sloth VDF is dead😵 This is why kernelCTF no longer has PoW!

Beating the kCTF PoW with AVX512IFMA for $51k

PoW is gone 🦀🦀

anemato.de
37
145
Billy again…
Trend Zero Day Initiative
 @thezdi
May 15
After a dramatic pause in getting things setup Billy(@st424204) and Ramdhan(@n0psledbyte) of STAR Labs preformed a Docker Desktop escape to pop calc - and they are also now off to the disclosure room - good luck! #Pwn2Own #P2OBerlin
2
1
24
Pumpkin 🎃 retweeted
Trend Zero Day Initiative
 @thezdi
May 15
Our first confirmation of #Pwn2Own Berlin! Pumpkin (@u1f383) from DEVCORE Research Team used an integer overflow to escalate privs on Red Hat Linux. He earns $20,000 and 2 Master of Pwn points. #P2OBerlin
4
19
2
152
Load more