starlabs @starlabs_sg
A Singapore company that discovers vulnerabilities to help customers mitigate the risks against the ever-evolving threat of cyber attacks.
starlabs.sg · Singapore · Joined September 2018
Tweets: 204 · Followers: 7K · Following: 16 · Likes: 164
During the 2nd day of #Pwn2Own Vancouver 2024, our researcher @hi_im_d4rkn3ss successfully demonstrated his VMware Workstation exploit. 🥳🥳👍🏼
Our researchers @st424204 & @tuanit96 & @n0psledbyte are also successful in their LPE attempt in Ubuntu at #Pwn2Own Vancouver 2024, 🥳🥳👍🏼
During the 2nd day of #Pwn2Own Vancouver 2024, our researchers @st424204 & @tuanit96 & @n0psledbyte successfully demonstrated their Docker Escape. 🥳🥳👍🏼
Route to Safety: Navigating Router Pitfalls is the swansong from @daniellimws starlabs.sg/blog/2024/rout… We hope everyone enjoyed his informative post and wish him all the best in his future endeavours.
An Interesting bug/issue found by our team member @CurseRed 🥳👍🏼👏🏼 Hopefully we will be allowed to share the details.
CLS Level 4 device? It's rather late, but if you are using SingTel's RT5703W, do apply your patches, as our team member @daniellimws found some exploitable bugs on it. singtel.com/personal/suppo… We will share more details next week.
We are organising a conference on 26th - 27th June 2024. Attention Speakers: Our 2024 Call for Papers is now open! #OffByOne2024? Learn all about it: offbyone.sg/cfp/
Great work by our team members. We saw that Apple updated list & our team member, @peternguyen14 is credited for CVE-2023-42928 support.apple.com/en-us/HT213982 He was also credited recently with another team member, @Peterpan980927 CVE-2023-32734 CVE-2023-32441 support.apple.com/en-us/HT213841
Wish everyone a Happy and Prosperous Lunar New Year! Wishing you prosperity, peace year after year, and abundant wealth. Design is done by our team member @buttburner
Another awesome finding by our team member @Creastery We want to thank @GitHubSecurity for resolving this so quickly amid the holidays period. github.blog/2024-01-16-rot…
CVE-2024-21318 is post-auth RCE in Sharepoint. Please patch it if you are using it. It is found by our team member, @testanull Somehow the acknowledgment got mixed up again. 👀 msrc.microsoft.com/en-US/security…
Wishing everyone Merry Christmas 🎄 and we hope the magic of Christmas fills every corner of your heart and home with joy — now and always. Drawing is done by our team mate @buttburner
Great to see that some of the bugs that we reported to ICS vendors had been fixed. Thanks to @Peterpan980927 & @CurseRed for CVE-2023-6358 industrial.softing.com/services/secur… And @testanull for CVE-2023-39474 support.inductiveautomation.com/hc/en-us/artic… More to come soon.
Oh we missed out 3 more advisories from our member @Creastery starlabs.sg/advisories/23/… starlabs.sg/advisories/23/… starlabs.sg/advisories/23/…
Zyxel fixed another bug (CVE-2023-35136) reported by our team member, @linhlhq Like some of our previously reported Zyxel bugs, it is exploitable in LAN side. Update your Zyxel Firewall ASAP. Kudos to @_L4ys & @atdog_tw from @TrapaSecurity too zyxel.com/global/en/supp…
Several Chamilo RCE detailed analysis from our team member, @Creastery Patches available since September 2023. starlabs.sg/advisories/23/… starlabs.sg/advisories/23/… starlabs.sg/advisories/23/… starlabs.sg/advisories/23/… starlabs.sg/advisories/23/… starlabs.sg/advisories/23/…
Our team member @cplearns2h4ck is sharing his exploration of CVE-2021-31969. Learn about the exploitation of the bug and possibly other variants on the blog. starlabs.sg/blog/2023/11-e…
Our team members have spotted another fake account posing as our team member. This is the fake account: linkedin.com/in/%E6%8C%AF%E… This one belongs to our team member. linkedin.com/in/zhenpeng-pa…
The owner of this account never interned with us. This is probably the 3rd time we saw people doing this.
@thezdi @kmkz_security @_manfp @starlabs_sg fifth lah. Congrats 👏👏👏
Confirmed! STAR Labs SG's exploit of #VMware Workstation used two bugs. One is an uninitialized variable, but the other was previously known. They still win $30,000 and 6 Master of Pwn points.
Collision - STAR Labs SG successfully demonstrated their LPE on #Ubuntu desktop. However, they used a bug that was previously reported. They still earn $5,000 and 1 Master of Pwn point.
Verified! The first #Docker escape at #Pwn2Own involved two bugs, including a UAF. The team from STAR Labs SG did great work in the demonstration and earned $60,000 and 6 Master of Pwn points. #P2OVancouver
Extending a warm welcome to Dr. Sunghun Kim of the Affiliated Institute of Electronics and Telecommunications Research, South Korea and @marcograss who are joining us as experts on our Review Board. offbyone.sg/reviewboard/
Special thanks to @chudyPB, @TecR0c, @mr_me, @Creastery, @starlabs_sg, @Claroty & #team82, and @thezdi for finding & responsibly disclosing security vulnerabilities in Ignition. Fixes & full credits: bit.ly/4aytnlq
Copy ninja Kakashi 😅
Finding and exploiting these bugs was lots of fun! Huge thanks to the team at @starlabs_sg and especially my mentor @CurseRed for supporting me and following up with Bitrix for months afterwards!
@starlabs_sg @st424204 @testanull @hi_im_d4rkn3ss @linhlhq @tuanit96 Congrats all !
Success! STAR Labs SG was able to exploit a permissive list of allowed inputs against the Samsung Galaxy S23. They earn $25,000 and 5 Master of Pwn points. #Pwn2Own
Success! STAR Labs SG was able to execute a 2-bug chain including directory traversal and command injection against the QNAP TS-464. They earn $20,000 and 4 Master of Pwn points. #Pwn2Own
I'm a little late to the game, but this is hilarious: unauthenticated to SharePoint admin in two steps, simply by telling SharePoint to not bother with authenticating the provided JWT token. Dang, nice work by @starlabs_sg @testanull starlabs.sg/blog/2023/09-s…
@Creastery @starlabs_sg @_jsoo_ Congrats! Keep up the amazing work!
🫡🫡🫡
Congratulations to our team mates @bruce30262 @Creastery @CurseRed @linhlhq @st424204 & @testanull for making it into the list. Sad to say...actually linhlhq & Jang should have more points but somehow it ended up credited to "anonymous" :( Nonetheless, we are happy for them.
Honoured to be recognised as a MSRC Most Valuable Researcher this year too! 🎉 Special thanks to my @starlabs_sg teammates and my boss @_jsoo_ for their support. Hopefully we can showcase some of the cloud research we have been working on recently. 😉
Congratulations to our MSRC 2023 Most Valuable Researchers! Thank you to all the researchers who have helped secure our customers. 👏🎉 Check out our blog for the full list: msft.it/60199yOc9
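HITCON Community 2023 - Agenda Promotion, Round One 🚀 #3 "Ghosts of the Past: Classic PHP RCE Bugs in Trend Micro Enterprise Offerings". In this session, the speaker will also share the process and principles behind his discovery of more than 10 vulnerabilities in security products, showing that the security of security products themselves is also very important.…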
It's apparently #PortfolioDay ! I like working on style guides, character design and consumer merch and product!