1. X
  2. V4bel
Log inSign up
V4bel
65 posts
user avatar
V4bel
@v4bel
Independent Vuln. Researcher / Pwn2Own Berlin 2025, 2026 / Google kernelCTF 0-day / Google kvmCTF 0-day / Pwnie Awards 2025
Joined November 2019
159
Following
3,554
Followers
RepliesRepliesMediaMedia

New to X?

Sign up now to get your own personalized timeline!

Create account

By signing up, you agree to the Terms of Service and Privacy Policy, including Cookie Use.

TermsยทPrivacyยทCookiesยทAccessibilityยทAds Infoยทยฉ 2026 X Corp.
Don't miss what's happening
People on X are the first to know.
Log inSign up
  • Pinned
    user avatar
    V4bel
    @v4bel
    Jul 6
    ๐Ÿ’ฅ Introducing "Januscape" (CVE-2026-53359) A Guest-to-Host Escape in KVM/x86 exploiting a UAF in the shadow MMU. Triggerable on both Intel and AMD hosts. Threatens x86 public clouds (GCP, AWS) that expose nested virtualization. "16 years" latent. Successfully used as a
    Image
    00:00
    54K
  • user avatar
    V4bel
    @v4bel
    Dec 19, 2024
    I just released our kernelCTF VSock 0-day write-up with @_qwerty_po . (exp196/exp197, CVE-2024-50264) github.com/google/securitโ€ฆ We made history by being the first to exploit VSock in kernelCTF, expanding its known attack vectors. ๐Ÿฅณ Itโ€™s a pretty *simple* race condition, right?
    Image
    59K
  • user avatar
    V4bel
    @v4bel
    Oct 21, 2024
    Google kernelCTF LTS/COS 0-day WIN! Successfully exploited an extremely complex race condition 0-day vuln on two instances without using namespaces ๐ŸŽ‰ work with @_qwerty_po
    Image
    Image
    32K
  • user avatar
    V4bel
    @v4bel
    Jun 2, 2025
    @_qwerty_po and I exploited a VSock 1-day in Google kernelCTF back in *February*, securing $71,337 ๐Ÿฅณ (CVE-2025-21756, exp237/exp249) And Iโ€™ve just published the write-up: github.com/google/securitโ€ฆ A kernel developer reviewing a patch for a separate VSock bug I submitted
    Image
    00:00
    16K
  • user avatar
    V4bel
    @v4bel
    Sep 6, 2024
    Found a 0-day in the Linux Kernel TCP a while back and finally sharing the details!
    user avatar
    Theori
    @theori_io
    Sep 6, 2024
    ๐Ÿšจ New Linux Kernel vulnerability (CVE-2024-27394) discovered & patched by Theori! ๐Ÿ”— blog.theori.io/deep-dive-intoโ€ฆ Our researcher @v4bel at #Theori identified a critical #UAF vulnerability in TCP-AO caused by a race condition in the #RCU API. Using techniques from the ExpRace paper,
    22K
  • user avatar
    V4bel
    @v4bel
    Aug 9, 2025
    Our CVE-2024-50264 with @_qwerty_po has won the Best Privilege Escalation category at the 2025 Pwnie Awards. Thank you, @PwnieAwards!!
    Image
    Image
    Image
    16K
  • user avatar
    V4bel
    @v4bel
    Jun 30, 2025
    CVE-2025-38087: Linux Kernel Traffic Control TAPRIO Use-After-Free This is a 64byte UAF write vuln I discovered for Pwn2Own. However, I couldnโ€™t reliably exploit it due to the extremely narrow race window, so I had no choice but to patch it ๐Ÿ˜ฅ git.kernel.org/pub/scm/linux/โ€ฆ
    9.7K
  • user avatar
    V4bel
    @v4bel
    Jul 24, 2025
    Our CVEโ€‘2024โ€‘50264 has been nominated for the Best PE at the Pwnie Awards ๐Ÿซข
    user avatar
    Pwnie Awards
    @PwnieAwards
    Jul 23, 2025
    We are very happy to announce the nominees for the 2025 Pwnie Awards! As a reminder, we will be presenting the winners at DEF CON this year. Saturday the 9th, 10:00AM Main Stage. Hope to see you there! docs.google.com/document/d/1fyโ€ฆ
    14K
  • user avatar
    V4bel
    @v4bel
    Mar 14, 2025
    Did you know that in Upstream, the conventional โ€œoverwriting modprobe_pathโ€ technique doesnโ€™t work anymore? So, I developed a new technique that generally triggers modprobe_path. It's a simple ideaโ€”nothing fancy, but pretty useful ๐Ÿ™ƒ
    user avatar
    Theori
    @theori_io
    Mar 14, 2025
    ๐Ÿ” NEW RESEARCH: We've revived the modprobe_path privilege escalation technique in #Linux kernels. How? Read out blog to find out: blog.theori.io/reviving-the-mโ€ฆ Remember, we will always find a new way!
    11K
  • user avatar
    V4bel
    @v4bel
    Aug 1, 2025
    I have now left @theori_io. After a brief break, I plan to resume my research ๐ŸคŸ
    5.1K
  • user avatar
    V4bel
    @v4bel
    Feb 26, 2025
    If I ever get a chance, I would like to share my insights on race conditions ๐Ÿค”
    6.1K
  • user avatar
    V4bel
    @v4bel
    Dec 19, 2024
    Replying to @v4bel
    BTW, This is a variant of CVE-2021-26708: a13xp0p0v.github.io/2021/02/09/CVEโ€ฆ It was the first vuln analyzed after joining the company two years ago. Back then, I knew vvs still ended up as a dangling ptr even after the vuln was patched, but only recently succeeded in triggering the UAF. ๐Ÿฅฒ
    Image
    a13xp0p0v.github.io
    Four Bytes of Power: Exploiting CVE-2021-26708 in the Linux kernel
    CVE-2021-26708 is assigned to five race condition bugs in the virtual socket implementation of the Linux kernel. I discovered and fixed them in January 2021. In this article I describe how to exploit...
    6.7K
  • user avatar
    V4bel
    @v4bel
    Jun 28, 2024
    ๐Ÿ˜Ž
    user avatar
    qwerty
    @_qwerty_po
    Jun 28, 2024
    Successfully exploited a 0-day vulnerability in KernelCTF! work with @v4bel ๐ŸŽ‰
    Image
    9.2K
  • user avatar
    V4bel
    @v4bel
    Jan 1, 2025
    Happy New Year! I hope I can grow even more this year ๐Ÿ™
    3.8K
Advertisement
Advertisement