Instead of the vendor (you believe recklessly) asking you to provide more info, you ask them to provide their testing env & steps first. You want me to make a screen recording? Show your recording first.
Jul 19, 2022 • 4 tweets • 1 min read
No joking :), I discovered like 17 RCE bugs all in a SINGLE attack surface in Windows, which proved one point I've been talking about for a while. Thread.
Novel attack surface/vector research is soooo important. Even for SDL-leading vendors like Microsoft, there are still lots of bugs if you find an unexplored area or a creative way to attack.
May 30, 2022 • 5 tweets • 1 min read
For the "ms-msdt" Office ITW exploit, just did a quick test this Sunday. Here is what I got so far. 1/n
1) I got it successfully running on a then-fully-updated Win10+Office2021 env from back in Dec 2021 (that's the env I have). A bit weird that the exp doesn't work every time; sometimes it works, sometimes not. Not sure why for now.