Blog

TL;DR In December 2025, Cisco published https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-attack-N9bf4 addressing CVE-2025-20393, a critical vulnerability (CVSS 10.0) affecting Cisco Secure Email Gateway and Secure Email and Web Manager. The advisory was notably sparse on technical details, describing only “Improper Input Validation” (CWE-20). We decided to dig deeper. Through reverse engineering and code analysis of AsyncOS 15.5.3, we uncovered the root cause: a single-byte integer overflow in the EUQ RPC protocol that bypasses authentication and chains into Python pickle deserialization — achieving unauthenticated remote code execution with a single HTTP request....

Eight years ago today, I started STAR Labs by hiring several fresh grads with no working experiences. Today, I stand here with a different group of faces. Some of you were there from the beginning. Some of you joined along the way. Some of you just started last month. And some of the people who were here… weren’t anymore. Not because they failed. Not because we failed them. But because life called them in different directions....

Most will talk about the success in their year-end posts. Great. Nobody talks about the failures. Nobody talks about what ACTUALLY happened. Well, we are going to tell you about OUR STORY - the success AND the failures. The whole thing. Because that’s how we actually learn…from our own mistakes. So here it is, UNFILTERED. Buckle up. PWN2OWN 2025 BERLIN & IRELAND We could only bring one of our interns, Gerrard Tai, along with us to Pwn2Own....

× HEX ADVENT 2025: Crack the Advent, Conquer the Threat 🐛 Last chance to register! Registration closing on 20 Dec 2025, 09:00 SGT! WELCOME TO HEX ADVENT 2025, ‘tis the season to Unwrap Your Potential! 🎁 HEX ADVENT 2025 is a Christmas-themed CTF Advent Calendar, designed for women, by women. What to Expect 12 Days, 12 Challenges: A structured schedule to build mastery across different CTF categories....

Information This is a solo CTF event open to women residing in Singapore or Malaysia. To register and be eligible for the prizes: Register on CTFd, and select the “eligible” bracket. Confirm your eligibility by filling in the Google Form. The flag format is described by this regex: /^HEX{.*}$/ There are a total of 12 challenges. One challenge will be released each day at 09:00 SGT within the period of 1 December 2025 to 12 December 2025....

The Target: Brother MFC-J1010DW Affected Models: Brother Printer MFC-J1010DW Vulnerable Firmware: Version <= 1.18 TL;DR: The Vulnerability Chain We discovered three vulnerabilities that when chained together, allow for complete remote compromise: Authentication Bypass via SNMP - Retrieve the printer’s serial number without authentication, allowing attackers to derive the default admin password Unauthenticated Firmware Rollback - Downgrade to vulnerable firmware versions over the network, no credentials required Buffer Overflow via Referer Header - Execute arbitrary code by crafting malicious HTTP headers The result?...

TL;DR 🚀 We’re turning a simple compression library into a shell delivery service! This writeup exploits a buffer overflow in lz1/lz77 decompression by crafting malicious compressed data that overflows the stack and chains ROP gadgets for code execution. Ever wondered how a simple file compression tool could hand you the keys to a system? Well, buckle up because we’re about to turn andyherbert’s innocent lz1 compressor into our personal shell delivery service!...