Voozh

Orange Tsai 🍊

1,041 posts

👁 Image

👁 user avatar

Orange Tsai 🍊

@orange_8361

This is 🍊

台灣

Joined August 2010

Pinned
👁 user avatar
Orange Tsai 🍊
@orange_8361
Aug 9, 2024
Thrilled to release my latest research on Apache HTTP Server, revealing several architectural issues! blog.orange.tw/2024/08/confus… Highlights include: ⚡ Escaping from DocumentRoot to System Root ⚡ Bypassing built-in ACL/Auth with just a '?' ⚡ Turning XSS into RCE with legacy code
👁 user avatar
Orange Tsai 🍊
@orange_8361
Sep 12, 2020
How I Hacked Facebook Again! Unauthenticated RCE on MobileIron MDM (slides inside) blog.orange.tw/2020/09/how-i-…#HITCON
👁 user avatar
Orange Tsai 🍊
@orange_8361
Aug 10, 2022
My favorite bug among the vulnerabilities I presented today! 😆 The original intent was to compare the password. However, the developer copy-and-pasted the code but forgot to replace the variable name. That leads to the Authentication Bypass on IIS.
👁 Image
👁 user avatar
Orange Tsai 🍊
@orange_8361
Jun 2, 2025
I don't have OSCP—instead, I have OSEE! 🎉
👁 Image
👁 Image
👁 user avatar
Orange Tsai 🍊
@orange_8361
Aug 30, 2024
My first kernel exploit! Big thanks to @d3vc0r3 and @offsectraining ! 🎉
👁 user avatar
Orange Tsai 🍊
@orange_8361
Apr 26, 2022
Unsafe .Net Deserialization in Windows Event Viewer! This is a by-product of my research. Has confirmed with MSRC that this didn't cross any security boundary, but I guess it could still be another fun #LOLbas or Defender Bypass.😆
👁 Image
00:00
👁 user avatar
Orange Tsai 🍊
@orange_8361
Jan 5, 2021
Just report a pre-auth RCE chain to the vendor. This might be the most serious RCE I have ever reported! Hope there is no bug collision or duplicate😝
👁 user avatar
Orange Tsai 🍊
@orange_8361
Aug 6, 2021
A New Attack Surface on Microsoft Exchange! The series covers most of my Black Hat USA and DEFCON talks (with slides and video inside). More articles and vulnerabilities are coming soon! blog.orange.tw/2021/08/proxyl…
👁 user avatar
Orange Tsai 🍊
@orange_8361
Jun 7, 2024
PHP just fixed one of my RCE vulnerabilities, which affects XAMPP by default. Check to see if you are affected and update now! 🔥 blog.orange.tw/2024/06/cve-20…
👁 user avatar
Orange Tsai 🍊
@orange_8361
Feb 13, 2021
Most of my public presentation slides are on GitHub now!
👁 Image
GitHub - orangetw/My-Presentation-Slides: Collections of Orange Tsai's public presentation slides.
From github.com
👁 user avatar
Orange Tsai 🍊
@orange_8361
Jun 12, 2019
Achievement unlocked! Got RCE and the highest bounty on Twitter bug bounty program XD
👁 Image
hackerone.com
HackerOne profile - orange
This is 🍊 - http://blog.orange.tw
👁 user avatar
Orange Tsai 🍊
@orange_8361
Sep 10, 2020
An RCE blog is scheduled and will be published soon :P
👁 user avatar
Orange Tsai 🍊
@orange_8361
May 12, 2021
Yay, my talk is accepted by Black Hat USA! "... 7 vulnerabilities that consist of server-side, client-side, and crypto bugs were found via this attack surface and chained into 3 different attack scenarios: ProxyLogon, ProxyShell and ProxyOracle!" blackhat.com/us-21/briefing…#BHUSA
👁 Image
👁 user avatar
Orange Tsai 🍊
@orange_8361
Feb 19, 2019
Here is the whole exploit chain of Jenkins Unauthenticated RCE(and PoC video youtu.be/abuH-j-6-s0)! Hacking Jenkins Part 2 - Abusing Meta Programming for Unauthenticated RCE! blog.orange.tw/2019/02/abusin…
👁 user avatar
Orange Tsai 🍊
@orange_8361
Mar 5, 2021
I know there are lots of people waiting for the recent Microsoft Exchange pre-auth RCE on our side. This is a short advisory and detailed timeline. proxylogon.com #proxylogon
👁 Image
proxylogon.com
ProxyLogon
ProxyLogon - The latest pre-authenticated Remote Code Execution vulnerability on Microsoft Exchange Server

URL: https://x.com/orange_8361

⇱ Orange Tsai 🍊 (@orange_8361) / X