starlabs
@starlabs_sg
A Singapore company that discovers vulnerabilities to help customers mitigate the risks of cyber attacks. Organisers of @offbyoneconf
Proud of our team’s Top 100 achievement! Kudos to @cplearns2h4ck & @KaligulaSec for their contributions and dedication to responsible disclosure. 88 is a pretty auspicious number too. 🥳
Our previously published Most Valuable Researchers (MVR) leaderboard contained inaccuracies due to technical issues on our end. We apologize for the error and have since resolved the issue. We’re now sharing a fully refreshed and accurate leaderboard. The Microsoft Researcher…
CASE CLOSED: CVE-2025-29824. 0 public samples, 0 information. Suspect: Windows CLFS driver. Crime: UAF leading to Privilege Escalation. Status: ACTIVELY EXPLOITED ITW. Investigation: Debugged and documented. Case files: starlabs.sg/blog/2025/07-m… Done by our intern, Ong How Chong
One of our current interns, @goatmilkkk, shared his Chrome-atic escape adventure using CVE-2024-30088. Epic obstacles documented in it too! starlabs.sg/blog/2025/07-f…
Our researchers, @KaligulaSec & @cplearns2h4ck, were credited for 4 vulnerabilities in Microsoft this month. Huge congratulations to both of them for their exceptional work. 👏 msrc.microsoft.com/update-guide/v… msrc.microsoft.com/update-guide/v… msrc.microsoft.com/update-guide/v… msrc.microsoft.com/update-guide/v…
@offbyoneconf 2025 Day 2 presentation videos are now available on our official YouTube channel! Subscribe, like 👍 and comment! lnkd.in/geDcTSsr
The Day 2 videos are finally out 🥳🥳
@offbyoneconf 2025 Day 1 presentation videos are now available on our official YouTube channel! Subscribe, like 👍 and comment! lnkd.in/gi5jQBi4
The Day 1 videos are finally out 🥳🥳
When life gives you tangerines🍊 Intern Lin Ze Wei's task: Port a 2-bug exploit to Pixel 6 Pro. Problem: One bug "doesn't work". Solution: Make it work with 1 bug. Sometimes the best research comes from working with what you think you have. starlabs.sg/blog/2025/06-s…
After almost 8 months of coordinated disclosure, vulnerabilities in Trend Micro Apex Central discovered by our former colleague @Chocologicall have been resolved! ZDI advisories: ZDI-25-295, ZDI-25-296, ZDI-25-297, ZDI-25-236, ZDI-25-237
After 6 months of responsible disclosure, proud to announce our team discovered 13 (mostly exploitable) vulnerabilities in Samsung Exynos processors! Kudos to @st424204, @n0psledbyte, @Peterpan980927 & @rainbowpigeon_ CVE-2025-23095 to CVE-2025-23107 📍 semiconductor.samsung.com/support/qualit…
"Why is my exploit taking 10 minutes?" *checks logs* *sees 10,000 kernel warnings* "...oh" 💡 Fresh Friday night read: our intern, Tan Ze Jian, on Mali exploitation - sometimes the fix is simpler than you think! starlabs.sg/blog/2025/05-g…
Pwn2Own Berlin 2025 comes to a close. We awarded $1,078,750 for 28 unique 0-days. Congrats to @starlabs_sg for winning Master of Pwn with $320,000. Thanks to @offensive_con for hosting, and thanks to all who participated. Can't wait to see you next year! #Pwn2Own #P2OBerlin
Big shoutout to @hi_im_d4rkn3ss & @gerrard_tai for flying over & representing us. To our 1st-timers Gerrard, @cplearns2h4ck, @MochiNishimiya for the awesome work. To @n0psledbyte & @st424204 for guiding the next gen & @_piers2 @bruce30262 who are part of it. Let's continue trying #Pwn2Own
Confirmed!! Dung and Nguyen (@MochiNishimiya) of STARLabs used a TOCTOU race condition to escape the VM and an Improper Validation of Array Index for the Windows privilege escalation. They earn $70,000 and 9 Master of Pwn points. #Pwn2Own
Confirmed! Gerrard Tai of STAR Labs SG Pte. Ltd used a Use-After-Free bug to escalate privileges on Red Hat Enterprise Linux. Their third-round win earns them $10,000 and 2 Master of Pwn points.
Outstanding! Nguyen Hoang Thach (@hi_im_d4rkn3ss) of STARLabs SG used a single integer overflow to exploit #VMware ESXi - a first in #Pwn2Own history. He earns $150,000 and 15 Master of Pwn points. #P2OBerlin
Nicely done! Billy (@st424204) and Ramdhan (@n0psledbyte) of STAR Labs used a UAF in the Linux kernel to perform their Docker Desktop escape and execute code on the underlying OS. They earn $60,000 and 6 Master of Pwn Points.
Confirmed! Chen Le Qi (@cplearns2h4ck) of STARLabs SG combined a UAF and an integer overflow to escalate to SYSTEM on #Windows 11. He earns $30,000 and 3 Master of Pwn points. #Pwn2Own #P2OBerlin
Just dropped a blog post on a fun bug that our (former, since it was reported a long, long time ago) intern, Devesh Logendran, found in Visual Studio Code <= 1.89+. We hope you will have fun reading it. starlabs.sg/blog/2025/05-b…