Nguyen The Duc

@ducnt_

Just another web warrior ⚔️ | Security Researcher |Sr. Security Engineer | CTF player && | squad |💰 | nano 💻

Inside The PHP Storm
ducnt.net
Joined February 2017
40 Photos and videos Photos and videos

Tweets

You blocked @ducnt_

Are you sure you want to view these Tweets? Viewing Tweets won't unblock @ducnt_

  1. Pinned Tweet
    Sep 5

    So, here is another gift for you about Imagemagick RCE 0-day that afftceted to GhostScript-9.50 😀

    12 replies 355 retweets 858 likes
    Show this thread
    Show this thread
    Undo
  2. Retweeted
    Oct 26

    My first macOS LPE

    4 replies 4 retweets 146 likes
    Undo
  3. Retweeted
    Oct 25

    Read the details about -2021-21703 on our Ambionics' blog, a 10 year-old Local Root vulnerability affecting PHP-FPM, FastCGI's server. PHP-FPM is often used with major HTTPd servers such as and .

    3 replies 111 retweets 265 likes
    Undo
  4. Retweeted
    Oct 19

    It’s never too late to review path normalizations and break parser logics!

    after Apache HTTPd Path Traversal (CVE-2021-42013/41773) I review the CVE-2018-19052 Lighttpd path traversal (credit )
    55 retweets 314 likes
    Undo
  5. Retweeted
    Oct 16

    Infosec confs: Let's listen to this CIO talk about the security lifecycle for an hour. Meanwhile in China:

    tianfucup tfc
    4 replies 89 retweets 329 likes
    Undo
  6. Retweeted
    Oct 9

    Why?

    4 replies 70 retweets 459 likes
    Undo
  7. Oct 5

    Just got worked exploit PoC for path traversal in Apache HTTP Server 2.4.49 (CVE-2021-41773) with my collab again 👀

    7 replies 135 retweets 468 likes
    Undo
  8. Retweeted
    Oct 4

    Here's our best explanation from what we can see on how disappeared from the Internet:

    81 replies 2,430 retweets 4,891 likes
    Undo
  9. Retweeted
    Oct 4

    4 replies 525 retweets 1,579 likes
    Undo
  10. Retweeted
    Sep 30

    For the hardcore PHP auditing fans... It's not just about the successes this time. It's important to cover the failures too!

    Chasing a Dream :: Pre-authenticated Remote Code Execution in Dedecms
    17 retweets 76 likes
    Undo
  11. Retweeted
    Sep 27

    Finally, here is the blog for the prototype pollution research we did. "A tale of making internet pollution free" - Exploiting Client-Side Prototype Pollution in the wild

    Prototype Pollution
    12 replies 331 retweets 713 likes
    Show this thread
    Show this thread
    Undo
  12. Retweeted
    Sep 23

    Seen this on Instagram

    8 replies 28 retweets 235 likes
    Undo
  13. Retweeted
    Sep 18

    Nuclei < v2.5.2 was vulnerable to RCE. I found that you could achieve RCE by using a malicious .yaml template and exploiting nuclei's headless browser feature, which runs with sandbox disabled. Thanks for the quick update and fix. PoC:

    3 replies 70 retweets 320 likes
    Undo
  14. Retweeted
    Sep 15

    Life will always find a way… raaRrRRrR 🦖

    “Billy, it’s time you learn about money”, *adult hands billy money*, “and the importance of… billy NO” *billy is inserting the money into a vending machine labeled winrar
    5 replies 24 retweets 154 likes
    Undo
  15. Retweeted
    Sep 15

    Gru meme. Ignore Windows Security, Focus on Azure Secuirty, Both Platforms Insecure.
    10 replies 208 retweets 1,006 likes
    Undo
  16. Retweeted
    Sep 15

    I just found iOS 14.8 not just patched two 0 days. It also patched CVE-2021-1740 again silently.

    5 replies 98 retweets 311 likes
    Undo
  17. Retweeted
    Sep 13

    Trust the estimates

    4 replies 70 retweets 360 likes
    Undo
  18. Retweeted
    Sep 13

    SpockJs, a new side-channel attack on modern CPUs, successfully bypasses the Site Isolation security feature of and Chromium-based browsers to protect against Spectre-type flaws, allowing attackers to steal data from other sites.

    82 retweets 129 likes
    Undo
  19. Retweeted
    Sep 13

    Stop and UPDATE your iPhones to iOS 14.8 NOW!!! We recovered NSO Group's FORCEDENTRY zero-click exploit (CVE-2021-30860) from the phone of a Saudi activist, and shared w/ Apple, who released iOS 14.8 today with a fix.

    30 replies 1,097 retweets 1,584 likes
    Show this thread
    Show this thread
    Undo
  20. Retweeted
    Sep 13

    WTF AWS Security? The year is 2021 and you still don't allow your security researcher to disclose a ridiculous vulnerability they found on their own time, using resources paid with their own money, even after the vendor refused to fix it!

    This Tweet is unavailable.
    3 retweets 11 likes
    Undo

@ducnt_ hasn't Tweeted yet.

Loading seems to be taking a while.

Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.

    You may also like

    ·