Eight years ago today, I started STAR Labs by hiring several fresh grads with no working experiences. Today, I stand here with a different group of faces. Some of you were there from the beginning. Some of you joined along the way. Some of you just started last month. And some of the people who were here… weren’t anymore. Not because they failed. Not because we failed them. But because life called them in different directions....
Most will talk about the success in their year-end posts. Great. Nobody talks about the failures. Nobody talks about what ACTUALLY happened. Well, we are going to tell you about OUR STORY - the success AND the failures. The whole thing. Because that’s how we actually learn…from our own mistakes. So here it is, UNFILTERED. Buckle up. PWN2OWN 2025 BERLIN & IRELAND We could only bring one of our interns, Gerrard Tai, along with us to Pwn2Own....
× HEX ADVENT 2025: Crack the Advent, Conquer the Threat 🐛 Last chance to register! Registration closing on 20 Dec 2025, 09:00 SGT! WELCOME TO HEX ADVENT 2025, ‘tis the season to Unwrap Your Potential! 🎁 HEX ADVENT 2025 is a Christmas-themed CTF Advent Calendar, designed for women, by women. What to Expect 12 Days, 12 Challenges: A structured schedule to build mastery across different CTF categories....
Information This is a solo CTF event open to women residing in Singapore or Malaysia. To register and be eligible for the prizes: Register on CTFd, and select the “eligible” bracket. Confirm your eligibility by filling in the Google Form. The flag format is described by this regex: /^HEX{.*}$/ There are a total of 12 challenges. One challenge will be released each day at 09:00 SGT within the period of 1 December 2025 to 12 December 2025....
The Target: Brother MFC-J1010DW Affected Models: Brother Printer MFC-J1010DW Vulnerable Firmware: Version <= 1.18 TL;DR: The Vulnerability Chain We discovered three vulnerabilities that when chained together, allow for complete remote compromise: Authentication Bypass via SNMP - Retrieve the printer’s serial number without authentication, allowing attackers to derive the default admin password Unauthenticated Firmware Rollback - Downgrade to vulnerable firmware versions over the network, no credentials required Buffer Overflow via Referer Header - Execute arbitrary code by crafting malicious HTTP headers The result?...
TL;DR 🚀 We’re turning a simple compression library into a shell delivery service! This writeup exploits a buffer overflow in lz1/lz77 decompression by crafting malicious compressed data that overflows the stack and chains ROP gadgets for code execution. Ever wondered how a simple file compression tool could hand you the keys to a system? Well, buckle up because we’re about to turn andyherbert’s innocent lz1 compressor into our personal shell delivery service!...
Last month, Jacob asked me to create a CTF challenge for the Summer Pwnables event. I went with a kernel pwnable since my goal was to teach students some more advanced Linux kernel exploitation techniques - something that wouldn’t get solved in a day (and hopefully not by AI either). After building both the challenge and solution, I figured students should be able to crack it within 3-7 days. Turns out I was right about the timeline, but only one person actually solved it....