Blog | STAR Labs

Research Nov 16, 2021

Diving into Open-source LMS Codebases

Introduction Looking to practice on source code review, I had been diving into how open-source LMS codebases are structured in order to find undiscovered …

ByPoh Jia Hao

Research Sep 14, 2021

Analysis of CVE-2021-1758 (CoreText Out-Of-Bounds Read)

References: STARLabs Advisory STAR-21-1758 In February, Peter found a OOB read vulnerability in libFontParser.dylib. The latest tested version with the …

ByDaniel Lim Wee Soong

Research Aug 04, 2021

Identifying Bugs in Router Firmware at Scale with Taint Analysis

In the past few months, Akash and I (@daniellimws) worked on developing a taint analysis tool to find bugs in routers, with the guidance of Shi Ji (@puzzor) and …

ByDaniel Lim Wee Soong

Research Jun 25, 2021

Simple Vulnerability Regression Monitoring with V8Harvest

Introduction During my research into Javascript Engine (V8), I have created a small tool to help you view recent V8 bugs that contains regression test on a …

ByĐào Tuấn Linh

Research Apr 12, 2021

You Talking To Me?

What is WebDriver and How does it work? WebDriver is a protocol used for web browser automation. It can drive a browser to perform various tests on web pages as …

ByLi JianTao

Research Jan 09, 2021

Chrome 1-Day Hunting - Uncovering and Exploiting CVE-2020-15999

Introduction This blog post details the exploitation process for the vulnerability CVE 2020-15999 in Google Chrome 86.0.4222.0 on Linux. While CVE 2020-15999 is …

ByChai Yi Chen

Research Nov 13, 2020

Instrumenting Adobe Reader with Frida

Frida is an open-source dynamic instrumentation toolkit that has become popular in recent years, and its use in mobile security is especially prevalent. In this …

ByAlan Chang

Research Oct 16, 2020

Analysis & Exploitation of a Recent TP-Link Archer A7 Vulnerability

This post provides detailed analysis and an exploit achieving remote code execution for CVE-2020-10882, which was used at Pwn2Own 2019, on the TP-Link Archer …

ByLucas Tay

Research Sep 25, 2020

Pwn2Own 2020: Oracle VirtualBox Escape

In this post, we will cover the vulnerabilities used at Pwn2Own 2020 for the Oracle VirtualBox escape. These two vulnerabilities affect Oracle VirtualBox 6.1.4 …

ByPham Hong Phi

Research Sep 04, 2020

This Font is not Your Type

Half a year ago, I found a vulnerability in libFontParser.dylib, which is a part of CoreGraphics library that is widely used in macOS, iOS, iPadOS to parse and …

ByPeter Nguyen Vu Hoang