Rocco Calvi

@TecR0c

2,968
Followers
1,003
Following
78
Media
1,487
Statuses

Security Researcher and technical advisor @dfsec_com

Ring 0
Joined March 2010
Pinned Tweet
@TecR0c
Rocco Calvi
2 years
Achieved top position on MSRC Q3 Office Security Researcher Leaderboard ;-D congrats to all the outstanding researchers recognised in this quarter! Thanks @msftsecresponse 🙏🏼
4
3
77
@TecR0c
Rocco Calvi
2 years
I found six critical vulnerabilities (CVE-2023-27339 to CVE-2023-27343 and CVE-2023-27348) in the parsing of TIF, PNG, and EMF files within PDF-XChange Editor. These security flaws could allow remote attackers to execute arbitrary code on affected installations
11
24
241
@TecR0c
Rocco Calvi
10 months
Uncovered an EoP flaw with @sickcodes at #Hardpwn in Android Google Chromecast's KeyChain, tagged CVE-2023-48417. This allows an attacker to escalate privileges to manipulate the KeyChain operations by sending a malicious Intent to KeyChainActivity. Details in Dec's Android
4
32
174
@TecR0c
Rocco Calvi
2 years
🚨 Just disclosed CVE-2023-28760: a critical RCE vulnerability in TP-Link AX1800 Wi-Fi 6 Routers! Update your firmware ASAP! 🔗 Blog post: 🔗 Exploit code:
0
54
128
@TecR0c
Rocco Calvi
2 years
Microsoft has patched one of my RCE bugs CVE-2022-29109, affecting Excel and Office Server #PatchTuesday
4
12
118
@TecR0c
Rocco Calvi
1 year
I found myself face-to-face with the legendary bug-hunter 🍊 @orange_8361 ! Honour to meet the master of epic vulns.
1
3
112
@TecR0c
Rocco Calvi
2 years
Achieved 1st position on #MSRC 2022 Q1 Office Security Researcher Leaderboard ;-D Thanks @msftsecresponse for verifying all my reports! More bugs on the way
6
9
99
@TecR0c
Rocco Calvi
2 years
Landed another Excel Remote Code Execution Vulnerability 😎 CVE-2023-23399 The specific flaw was found within the generation of trend tries data 📊 Thanks @msftsecresponse for the collaboration in addressing this vulnerability.
2
24
92
@TecR0c
Rocco Calvi
1 year
Thrilled to share I’ve secured third place as an overall top Office researcher this year and also made it on the MVR leaderboard🏆Congratulations to all the other Microsoft researchers and thanks @msftsecresponse !! #infosec #bughunting #CVEs
8
3
65
@TecR0c
Rocco Calvi
1 year
Found 2 critical RCE vulnerabilities in @NETGEAR RAX30 routers! CVE-2023-27360 & CVE-2023-27361. Update your router ASAP! 🔧 More info: & #cybersecurity #NETGEAR
2
12
63
@TecR0c
Rocco Calvi
2 years
My Microsoft Word Remote Code Execution Vulnerability CVE-2022-41031 and Microsoft Office Graphics Remote Code Execution Vulnerability CVE-2022-38049 got patched thanks to @msftsecresponse !
2
3
60
@TecR0c
Rocco Calvi
2 years
Got 3 of my information disclosure vulnerabilities affecting Microsoft SharePoint and Office patched this month thanks @msftsecresponse :) #PatchTuesday CVE-2022-30172, CVE-2022-30171, CVE-2022-30159
1
3
59
@TecR0c
Rocco Calvi
1 year
I recently identified a Remote Code Execution vulnerability, CVE-2023-35371, impacting Microsoft Office 365, Office 2019 for Mac, and Office LTSC for Mac 2021 due to a double free vulnerability. I'd like to thank the @msftsecresponse team for addressing this in the recent Patch
1
11
58
@TecR0c
Rocco Calvi
2 years
I must admit that GitHub Copilot + VSCode + vscodevim is way better than just VIM when doing dev
5
4
51
@TecR0c
Rocco Calvi
11 months
Rolling with the goods. Thanks @POC_Crew 🙏🏼😀 #POC2023
4
0
43
@TecR0c
Rocco Calvi
1 year
Discovered a Microsoft Excel Remote Code Execution vulnerability: CVE-2023-24953 🚨 Now patched in MS May Patch Tuesday :-> Thanks @msftsecresponse in addressing this vulnerability!
2
5
36
@TecR0c
Rocco Calvi
1 year
Scored some nice swag thanks to @msftsecresponse
1
0
35
@TecR0c
Rocco Calvi
1 year
Landed some sweet @GoogleVRP bugs in #hardpwn at @hardwear_io with @sickcodes 😃 had lots of fun and met hardcore hardware hackers!
3
1
33
@TecR0c
Rocco Calvi
11 months
Fascinating MSMQ talk by @guhe120 , @KeyZ3r0 , & @4zure9 on their msrc CVEs. Their exploitation is very clever bypassing all mitigations on latest Windows. Brilliant work! #POC2023
0
2
37
@TecR0c
Rocco Calvi
11 months
I'm off to Seoul for the technical @POC_Crew Conference! Skilled in vulnerabilities? Let's connect over some Soju and geek out! 🥃
1
2
34
@TecR0c
Rocco Calvi
2 years
0
5
32
@TecR0c
Rocco Calvi
2 years
Had a great time at the pre-BlueHat event @MSFTBlueHat looking forward to the kick off tomorrow 😎
1
2
32
@TecR0c
Rocco Calvi
3 years
Fantastic talk by @0xdidu at @BlueHatIL with her fuzzer Hyntrospect used on Microsoft Hyper-V
2
5
28
@TecR0c
Rocco Calvi
3 years
I liked the way they bypassed ASLR in this exploit by @5aelo and @i41nbeer
0
1
28
@TecR0c
Rocco Calvi
2 years
0
0
26
@TecR0c
Rocco Calvi
1 year
At the Meta Bug Bounty Researchers Conference this week !!
2
0
26
@TecR0c
Rocco Calvi
1 year
Discovered 3 0day vulnerabilities in Ashlar-Vellum Graphite (#CVE-2023-34306, #CVE-2023-34307, #CVE-2023-34308) leading to Remote Code Execution, scoring 7.8 on the CVSS scale.
1
6
25
@TecR0c
Rocco Calvi
2 years
Giving PDF-XChange a good spanking :-> #RCE
3
2
24
@TecR0c
Rocco Calvi
11 months
Great start to #POC2023 with @mj0011sec 's keynote on vulnerability research, complete with insights from the Cyber Kunlun experience.
0
4
24
@TecR0c
Rocco Calvi
3 years
I must say, I do enjoy reverse engineering firmware with Ghidra
1
2
23
@TecR0c
Rocco Calvi
2 years
[CVE-2022-3567] Adobe Acrobat Reader DC Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This work was in partnership with @thezdi
0
3
21
@TecR0c
Rocco Calvi
2 years
Fuzzing on Windows with strong perf !
1
2
21
@TecR0c
Rocco Calvi
2 years
Microsoft patched two of my MS Office vulnerabilities, Microsoft Excel Information Disclosure Vulnerability (CVE-2022-41105) and Microsoft Word Information Disclosure Vulnerability (CVE-2022-41061), during this month’s Patch Tuesday :-)
0
3
19
@TecR0c
Rocco Calvi
1 year
Looks like we are hitting some nice code :-D #DoubleFree
1
0
19
@TecR0c
Rocco Calvi
2 years
Thank you @msftsecresponse 🙏 See you other hackers there! DM me if you want to catch up #msrc #bughunting #researcher
0
0
19
@TecR0c
Rocco Calvi
2 years
No. 36 in the #MSRC Leaderboard for 2022 Q1 CVEs coming soon! Thanks @msftsecresponse :-D
0
1
17
@TecR0c
Rocco Calvi
1 year
Wrapped up at @offensive_con and it was a blast with a treasure trove of groundbreaking technical content. Reconnecting with old friends while embracing new connections truly enriched the experience. The exceptional talent that this event attracts never fails to impress 🚀💻
1
2
19
@TecR0c
Rocco Calvi
1 year
Headed to #OffensiveCon in Germany, the highly technical security conference on offensive security. DM me to grab a coffee or chat about bugs. See you there!
2
1
19
@TecR0c
Rocco Calvi
2 years
Sorry but no I don't want to buy your vulnerable router 🙃
1
0
18
@TecR0c
Rocco Calvi
2 years
@sourceincite @steventseeley install the vscode highlight-words extension. It’s so helpful for static code auditing !
1
1
17
@TecR0c
Rocco Calvi
1 year
Thanks @TrenchantARC for the awesome gift 👌🏼
1
0
16
@TecR0c
Rocco Calvi
1 year
Had to do it for @Twitter 😅
1
0
16
@TecR0c
Rocco Calvi
3 years
Good to see you popping that shell mate with your 0day on MS exchange @steventseeley 💪🏼 #Pwn2Own
1
1
12
@TecR0c
Rocco Calvi
8 years
And then there was #0day complete pwnage of China #SCADA software
1
7
15
@TecR0c
Rocco Calvi
3 years
0
1
14
@TecR0c
Rocco Calvi
11 months
@thezdi @vcslab Congrats Team @vcslab on winning #Pwn2Own Toronto 2023! Kudos to all teams and researchers for their outstanding work! Was fun to watch :-)
0
1
14
@TecR0c
Rocco Calvi
1 year
Rolling with the MSRC MVP goods #MSFTBlackHat @msftsecresponse
0
0
14
@TecR0c
Rocco Calvi
3 years
The @sourceincite #FSWA training from @steventseeley was simply badass! Highly recommend anyone who wants to learn the latest techniques in getting webshells on hard targets ;-)
0
3
13
@TecR0c
Rocco Calvi
5 years
Another amazing year at @HITBGSEC getting to see old friends and watching amazing talks from leaders in the industry like @k8em0 @marcwrogers @therealsaumil etc. One of my favourite cons!
0
1
11
@TecR0c
Rocco Calvi
1 year
Just watched @r3no ’s introduction at @hexacon_fr . Great insights on the vulnerability research landscape. So many wise words 👏🧙🏼‍♂️ #Hexacon2023
0
0
13
@TecR0c
Rocco Calvi
5 years
Great initiative and support by @HITBPlus and @crowdfense for our industry. Can’t wait for the findings to be published. #HITBCyberWeek
0
5
12
@TecR0c
Rocco Calvi
3 years
@Adobe has patched @steventseeley and my bugs known as CVE-2021-44713 and CVE-2021-44715 that we identified during preparation for @TianfuCup
@steventseeley
ϻг_ϻε
3 years
Adobe patched CVE-2021-44713 CVE-2021-44715 which were some left over bugs from prepping for Tianfu found by @TecR0c and I :->
0
1
21
0
2
12
@TecR0c
Rocco Calvi
1 year
Excited to be in Paris for #HEXACON2023 @hexacon_fr ! If you’re as passionate about VR as I am, I'd love to connect while I’m here. 🇫🇷🗼
0
1
11
@TecR0c
Rocco Calvi
2 years
Nothing beats a pizza from Roma #italy 🤤🤤
3
0
9
@TecR0c
Rocco Calvi
3 years
Turning into a system build expert thanks to #fuzzing hard targets
0
0
11
@TecR0c
Rocco Calvi
1 year
@msftsecresponse Congrats to all the security researchers!
0
1
11
@TecR0c
Rocco Calvi
2 years
Hacking and listening to music. How can you not love this industry
0
0
11
@TecR0c
Rocco Calvi
1 year
@offensive_con feels good to be back 👊🏼
0
1
11
@TecR0c
Rocco Calvi
4 years
My ride for today 😎🏎 #Ferrari #Racing #track
2
0
9
@TecR0c
Rocco Calvi
3 years
Can’t wait for the Full Stack Web Attack (FSWA) Training Course 2021 next month! @sourceincite
1
1
11
@TecR0c
Rocco Calvi
3 years
1
0
8
@TecR0c
Rocco Calvi
1 year
@pedrib1337 I always do both methods to maximise my potential to uncover bugs
1
0
9
@TecR0c
Rocco Calvi
1 year
Wishing strength and peace to everyone affected by today's events with this Israel-Gaza war
0
0
10
@TecR0c
Rocco Calvi
2 years
When you know you roll with the right crowd 🏴‍☠️
0
0
9
@TecR0c
Rocco Calvi
9 years
0
9
8
@TecR0c
Rocco Calvi
2 years
All booked for @MSFTBlueHat ! Hit me up if you're in Seattle and want to catch up :-)
1
0
6
@TecR0c
Rocco Calvi
2 years
what do people like using when auditing C#. DNSpy, dotPeek or ReSharper?
5
2
7
@TecR0c
Rocco Calvi
1 year
@msftsecresponse Thank you so much MSRC 😃
0
0
1
@TecR0c
Rocco Calvi
1 year
0
0
0
@TecR0c
Rocco Calvi
10 months
Setting the vibe for decompiled code review with ‘Lonely Butterfly’ by Stanislav Sqai. 🎶 Perfect for those deep dive hacking sessions!
0
0
8
@TecR0c
Rocco Calvi
11 months
@haxor31337 Awesome work @vcslab ! The bugs you found were impressive. You should be super proud of your achievements. Keep hacking!
0
0
6
@TecR0c
Rocco Calvi
3 years
On the way to @BlackHatEvents and @defcon can’t wait to see and hang out with all my hacker friends after so long!!! :)
0
0
7
@TecR0c
Rocco Calvi
1 year
@steventseeley @InductiveAuto Such a shame as the pre-auth RCE bugs in question are quite remarkable! They required lots of out of the box thinking and we validated their impact through working PoCs leading to high merit of 9.8 CVSS for each!
0
1
7
@TecR0c
Rocco Calvi
3 years
Enjoying the high quality talks on fuzzing like always! #FuzzConEurope
0
0
6
@TecR0c
Rocco Calvi
3 years
2 widely deployed software under test. 1 Linux program and 1 Windows program. Multiple input vectors getting hit. 90 instances in total. Let’s watch the bugs fall #fuzzhard
0
0
7
@TecR0c
Rocco Calvi
3 years
It’s time for @BlueHatIL !!
1
0
6
@TecR0c
Rocco Calvi
3 years
Time to watch the Matrix Resurrections in Gold Class 😃
1
0
6
@TecR0c
Rocco Calvi
5 years
@wireghoul @HITBSecConf @marcwrogers @k8em0 @WillCaruana @l33tdawg @tiraniddo @beist @kernelpool Always great to meet top people in the industry and hang out with my favourite hackers
0
1
6
@TecR0c
Rocco Calvi
5 years
Highly recommend @josh_watson awesome automation with Binary Ninja training. Amazing class with loads of helpful info and tricks!
0
0
6
@TecR0c
Rocco Calvi
3 years
Flights are booked for @offensive_con :-D ! See you hackers soon
0
0
6
@TecR0c
Rocco Calvi
3 years
Just landed in Berlin for @offensive_con !! 🛬
0
0
5
@TecR0c
Rocco Calvi
2 years
@steventseeley Landing RCEs in MSOffice products last year :->
2
1
5
@TecR0c
Rocco Calvi
8 years
Very cool hacker atmosphere #EkoParty #eko12
0
3
5
@TecR0c
Rocco Calvi
11 months
@edwardzpeng Amazing research. It was really great to meet you both :-D
0
0
4
@TecR0c
Rocco Calvi
2 years
0
0
5
@TecR0c
Rocco Calvi
3 years
Can’t wait to see all the hacker friends tomorrow at @HITBSecConf after so long!
1
0
5
@TecR0c
Rocco Calvi
3 years
Nothing beats having a Saturday morning @l33tdawg coffee for hackers by hackers before a 0day hunting sess ;-)
0
4
5
@TecR0c
Rocco Calvi
5 years
@infernosec Exactly what papers and new fuzzers need. A proper benchmark. Thanks @infernosec
0
0
5
@TecR0c
Rocco Calvi
8 years
Last day as a pentester! W00t. Bring on full time research/bug hunting!
0
0
5
@TecR0c
Rocco Calvi
2 years
Finally get to catch @orange_8361 talk :-) #DEFCON30
0
1
5
@TecR0c
Rocco Calvi
2 years
Don’t miss out. The training has high quality material that will make you sharp at bug hunting and capable of exploiting hard targets!
@sourceincite
Source Incite
2 years
We still have some tickets available (including student tickets) for our Full Stack Web Attack class next month. This is a LIVE training w/ trainers that have nearly 25 years of combined security research experience! Don’t miss out! #PopThyShell #FSWA
1
9
20
0
2
5
@TecR0c
Rocco Calvi
8 years
We will make winword great again!
0
2
4
@TecR0c
Rocco Calvi
3 years
@thedavidbrumley
David Brumley
3 years
2
0
21
0
0
4
@TecR0c
Rocco Calvi
9 years
Fuzzing can be so pretty at times. http://t.co/fBRJt7bge5
1
2
4
@TecR0c
Rocco Calvi
11 months
@thezdi Very nice. Congrats !
0
0
1
@TecR0c
Rocco Calvi
14 years
Exploit writing tutorial 10 released : http://bit.ly/aPCBA8 - Chaining DEP with ROP - spread the word !
0
4
4
@TecR0c
Rocco Calvi
4 years
@corelanc0d3r I don’t think the material out there will affect the Corelan bootcamp signups with the knowledge and execution that you bring with teaching the class. I will make sure I report it if I see it being shared out there!
2
0
4