REverse_Tactics
@Reverse_Tactics
Software reverse engineering & vulnerability discovery company.
📢 We're excited to announce our complete training catalog is now live at reversetactics.com/trainings/ ! Next up: "Bug Hunting In Hypervisors" at @reconmtl Register here: recon.cx/2025/trainingB…
It's time for @offensive_con and #Pwn2Own ! Come meet us there and and attend our sessions: 📅 Fri, May 16 @ 18:45 — Our talk “Journey to Freedom” about escaping VirtualBox during Pwn2Own 2024 📅 Sat, May 17 @ 14:00 — Watch our live VMware ESXi escape attempt ar #Pwn2Own
Slides and video of our talk at @offensive_con are already online ! Thanks to @Binary_Gecko for the amazing event reversetactics.com/publications/2…
#Pwn2Own went well for us ! If you are interested in learning about attacking hypervisors, sign up for our incoming training at @reconmtl ! reversetactics.com/trainings/bugh…
Sweet! Corentin BAYET (@OnlyTheDuck) from @Reverse_Tactics barely needed a second to demonstrate his exploit against VMware ESXi. He heads off to the disclosure room to provide the details of his work. #Pwn2Own #P2OBerlin
A successful collision! Corentin BAYET (@OnlyTheDuck) from @Reverse_Tactics used 2 bugs to exploit ESXi, but the Use of Uninitialized Variable bug collided with a prior entry. His integer overflow was unique though, so he still earns $112,500 & 11.5 Master of Pwn points. #Pwn2Own
Our talk "Journey to Freedom" about our Pwn2Own 2024 VirtualBox escape is coming to @offensive_con ! We will dive deeper into the technical challenges and obstacles we faced. @OnlyTheDuck will break down the key research phases and the exploit's most critical components.
2025 agenda is out! offensivecon.org/agenda/2025.ht…
Excited to announce our talk at #TyphoonCon2025: "Journey to freedom"! @OnlyTheDuck will share how we escaped VirtualBox and chained it to Windows kernel LPE at #Pwn2Own 2024. Expect a story-driven session filled with insights from the high-stakes environment of #Pwn2Own !
🌪️ Speaker Announcement! Excited to welcome @OnlyTheDuck to the #TyphoonCon2025 Conference lineup! Join us in Seoul on May 29-30: typhooncon.com/agenda
Could not dream of a better advertisement for our training "Bug Hunting in Hypervisors" at @reconmtl ! Students will be expected to (almost) do this in one day 😉 More details: recon.cx/2025/trainingB…
it took me so much time to finish this exploit but I finally did it! my first guest-to-host virtualbox escape is finally ready, using a combination of 2 bugs I can target the latest version :) Eternal thank you to my dear friend Corentin @OnlyTheDuck for constantly encouraging me…
For the first time, our training "Bug Hunting in Hypervisors" is open to the public at @reconmtl ! Designed for security researchers,we will dive into VM escapes, hypervisor attack surfaces, and real-world exploitation. More info: recon.cx/2025/trainingB…
Slides & video from our @GrehackConf talk "Attacking Hypervisors - A Practical Case" are online! Learn how we exploited vulnerabilities to escape VirtualBox during Pwn2Own Vancouver 2024: reversetactics.com/publications/2…
Join us live at @GrehackConf for @OnlyTheDuck's talk "Attacking Hypervisors : A practical case" at 4PM (paris time)! youtube.com/live/UMcHWx4sp…
Ready for @GrehackConf ! This Friday, catch @OnlyTheDuck's talk "Attacking Hypervisors: A practical case". If you're attending, Last year's talk is a must-read for background on hypervisor security. Check it out here : reversetactics.com/publications/2…
With so many variables in chained exploits and unknown network setups, anything can happen—but we’re thrilled that our tactics worked flawlessly in under 15 seconds across two different devices at #Pwn2Own
We have a collision in the SOHO Smashup. Corentin BAYET (@OnlyTheDuck) of @Reverse_Tactics used three bugs to go from the QNAP QHora-322 to the QNAP TS-464, but 1 had been previously seen in the contest. He still earns $41,750 and 8.5 Master of Pwn points. #Pwn2Own #P2OIreland
Live from Cork for #Pwn2Own Ireland! Tomorrow at 3PM (Cork time), we will exploit 3 vulnerabilities to compromise both the QNAP QHora322 router and TS-464 NAS in a SOHO smashup. Stay tuned !