Jacob Soo
@_jsoo_
Founder http://starlabs.sg
To everyone who pre-ordered "From Day Zero to Zero Day" – thank you for your patience. The wait is almost over. We're in the final countdown to start shipping in early July from @nostarch (and 12 Aug officially everywhere else)! Your support has been incredible. It’s time to…
CASE CLOSED: CVE-2025-29824 0 public samples, 0 information Suspect: Windows CLFS driver Crime: UAF leading to Privilege Escalation Status: ACTIVELY EXPLOITED ITW Investigation: Debugged and documented Case files: starlabs.sg/blog/2025/07-m… Done by our intern, Ong How Chong
One of our current interns, @goatmilkkk, shared his Chrome-atic escape adventure using CVE-2024-30088 Epic obstacles documented in it too! starlabs.sg/blog/2025/07-f…
Refreshing to see the whole research journey documented by @goatmilkkk Awesome work
Our researchers, @KaligulaSec & @cplearns2h4ck were credited for 4 vulnerabilities in Microsoft this month. Huge congratulations to both of them for their exceptional work. 👏 msrc.microsoft.com/update-guide/v… msrc.microsoft.com/update-guide/v… msrc.microsoft.com/update-guide/v… msrc.microsoft.com/update-guide/v…
Awesome work by @KaligulaSec & @cplearns2h4ck. First time @KaligulaSec got credited with CVEs 🥳
@offbyoneconf 2025 Day 2 presentation videos are now available on our official YouTube channel! Subscribe, like 👍 and comment! lnkd.in/geDcTSsr
@offbyoneconf 2025 Day 1 presentation videos are now available on our official YouTube channel! Subscribe, like 👍 and comment! lnkd.in/gi5jQBi4
For everyone who's pre-ordered: which were your favourite chapters? 1) Automated Variant Analysis 🤖 2) Hybrid Binary Analysis 🔎 C) Coverage-Guided Fuzzing 💥 D) Any other chapter? nostarch.com/zero-day 🤝 Let me know!
SQL Injection despite using prepared statements? 🧐 Turns out that SQL syntax can be ambiguous! Learn how this has led to vulnerabilities in several popular PostgreSQL client libraries: sonarsource.com/blog/double-da… #appsec #security #vulnerability
The embargo (12:00 UTC 2025-06-10) is over, let's start a thread on Hydroph0bia (CVE-2025-4275), a trivial SecureBoot and FW updater signature bypass in almost any Insyde H2O-based UEFI firmware used since 2012 and still in use today. English writeup: coderush.me/hydroph0bia-pa…
When life gives you tangerines🍊 Intern Lin Ze Wei's task: Port a 2-bug exploit to Pixel 6 Pro Problem: One bug "doesn't work" Solution: Make it work with 1 bug Sometimes the best research comes from working with what you think you have starlabs.sg/blog/2025/06-s…
Sometimes the best mentorship is giving space to explore. @Peterpan980927 guided Zewei to not just solve the problem, but understand it deeply. Now I want to drink tangerine juice too :D
[#POC2025 NOTICE] 20 Years. Reborn. The brand evolved - The mission remains. Welcome to a new era of POC. ⏰ Date: November 13–14, 2025 📍 Venue: Four Seasons Hotel, Seoul, South Korea 🇰🇷 🎤 CFP: June 5 – September 30 🧑💻 Training: June 5 – September 30 🎟️ Registration:…
After almost 8 months of coordinated disclosure, vulnerabilities in Trend Micro Apex Central discovered by our former colleague @Chocologicall have been resolved! ZDI advisories: ZDI-25-295, ZDI-25-296, ZDI-25-297, ZDI-25-236, ZDI-25-237
Finally! After almost 8 months, critical vulnerabilities in Trend Micro Apex Central found by our former colleague @Chocologicall are resolved. Grateful that it has finally concluded, but this timeline 🙄.
After 6 months of responsible disclosure, proud to announce our team discovered 13 (mostly exploitable) vulnerabilities in Samsung Exynos processors! Kudos to @st424204, @n0psledbyte, @Peterpan980927 & @rainbowpigeon_ CVE-2025-23095 to CVE-2025-23107 📍 semiconductor.samsung.com/support/qualit…
I couldn't be prouder of our security research team! 13 CVEs in Samsung Exynos processors. This is what happens when you give them the freedom to push boundaries. Thankful to @st424204, @n0psledbyte, @Peterpan980927 for guiding our intern @rainbowpigeon_
🚨🚨🚨We just broke everyone’s favorite CTF PoW🚨🚨🚨 Our teammate managed to achieve a 20x SPEEDUP on kctf pow through AVX512 on Zen 5. Full details here: anemato.de/blog/kctf-vdf The Sloth VDF is dead😵 This is why kernelCTF no longer has PoW!