One of our current intern, @goatmilkkk shared his Chrome-atic escape adventure using CVE-2024-30088.Epic obstacles documented in it too!.

Our researchers, @KaligulaSec & @cplearns2h4ck were credited for 4 vulnerabilities in Microsoft this month. Huge congratulations to both of them for their exceptional work. 👏.

RT @offbyoneconf: @offbyoneconf 2025 Day 2 presentation videos are now available on our official YouTube channel! Subscribe, like 👍 and com….

The Day 2 videos are finally out 🥳🥳.

RT @offbyoneconf: @offbyoneconf 2025 Day 1 presentation videos are now available on our official YouTube channel! Subscribe, like 👍 and co….

The Day 1 videos are finally out 🥳🥳.

When life gives you tangerines🍊.Intern Lin Ze Wei's task: Port a 2-bug exploit to Pixel 6 Pro.Problem: One bug "doesn't work".Solution: Make it work with 1 bug. Sometimes the best research comes from working with what you think you have.

After almost 8 months of coordinated disclosure, vulnerabilities in Trend Micro Apex Central discovered by our former colleague @Chocologicall have been resolved!. ZDI advisories: ZDI-25-295, ZDI-25-296, ZDI-25-297, ZDI-25-236, ZDI-25-237.

After 6 months of responsible disclosure, proud to announce our team discovered 13 (mostly exploitable) vulnerabilities in Samsung Exynos processors! Kudos to @st424204, @n0psledbyte, @Peterpan980927 & @rainbowpigeon_.CVE-2025-23095 to CVE-2025-23107 .📍

"Why is my exploit taking 10 minutes?" .*checks logs* .*sees 10,000 kernel warnings* .". oh" 💡. Fresh Friday night read: our intern, Tan Ze Jian, on Mali exploitation - sometimes the fix is simpler than you think!.

RT @thezdi: Pwn2Own Berlin 2025 comes to a close. We awarded $1,078,750 for 28 unique 0-days. Congrats to @starlabs_sg for winning Master o….

RT @_jsoo_: Big shoutout to @hi_im_d4rkn3ss & @gerrard_tai for flying over & represent us.To our 1st-timers Gerrard @cplearns2h4ck @MochiNi….

RT @thezdi: Confirmed!! Dung and Nguyen (@MochiNishimiya) of STARLabs used a TOCTOU race condition to escape the VM and an Improper Validat….

RT @thezdi: Confirmed! Gerrard Tai of STAR Labs SG Pte. Ltd used a Use-After-Free bug to escalate privileges on Red Hat Enterprise Linux. T….

RT @thezdi: Outstanding! Nguyen Hoang Thach (@hi_im_d4rkn3ss) of STARLabs SG used a single integer overflow to exploit #VMware ESXi - a fir….

RT @thezdi: Nicely done! Billy (@st424204) and Ramdhan (@n0psledbyte) of STAR Labs used a UAF in the Linux kernel to perform their Docker….

RT @thezdi: Confirmed! Chen Le Qi (@cplearns2h4ck) of STARLabs SG combined a UAF and an integer overflow to escalate to SYSTEM on #Windows….

Just dropped a blog post on a fun bug that our (former since it's reported long long time ago) intern, Devesh Logendran found in Visual Studio Code <= 1.89+ .We hope you will have fun reading it.

RT @offbyoneconf: 🗣️𝐒𝐢𝐧𝐠𝐚𝐩𝐨𝐫𝐞𝐚𝐧 𝐬𝐭𝐮𝐝𝐞𝐧𝐭𝐬 in tertiary institutions! . 🆓𝐅𝐑𝐄𝐄 Off-by-One Conference student tickets up for grabs!.🆓Sponsored b….

A huge thank you to @INTfinitySG for sponsoring student tickets and making it possible for more young talents to attend. Your support helps nurture the next generation of cybersecurity professionals.