Peng, JIAN-LIN

About

Jian-Lin Peng, aka YingMuo (@YingMuo), is a security researcher at DEVCORE. His work primarily focuses on IoT, macOS kernel and hypervisor security. He has participated in Pwn2Own competitions 2 times, successfully compromising QNAP NAS. He was also a speaker at HITCON PEACE 2022 and DEVCORE CONFERENCE 2024.

Speaking Topics & Expertise

Areas of Expertise

IoT Security

Vulnerability Research

Bug Bounty

Presentation Types

Technical Talk

Audience Types

Security Professionals

Product Security Teams

Researchers

Speaking History

2025

Returned to QNAP TS-464 at Pwn2Own and Pwned It Again!

AVTOKYO2025

November 23, 2025

Tokyo

Have you ever thought about using Windows File Explorer to pwn QNAP TS-464?

At Pwn2Own 2024 Ireland, we pwned QNAP TS-464 with several vulnerabilities in SAMBA achieving pre-auth RCE. Unlike the previous engagement when we worked up to the deadline, we identified a distinct vulnerability and gain RCE via Windows File Explorer within three days.

In this talk, we will explain the details of root causes and exploit chain.