chiefpie (@cplearns2h4ck) 's Twitter Profile
chiefpie

@cplearns2h4ck

Learning never ends; walk humbly | VR @starlabs_sg

ID: 1283227124778713090

Link: http://y3a.github.io
Joined: 15-07-2020 02:29:32

113 Tweets

1.1K Followers

129 Following

chiefpie (@cplearns2h4ck)

CVE-2025-24050 seems like another case of the False File Immutability bug mentioned by Gabriel Landau: host the file over SMB to bypass exclusive access -> return a smaller OffsetTableSize when the .rct file is read over SMB -> OOB read when parsing the OffsetTable
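The pattern in that tweet, as an added example that is not part of the original post and not the code behind CVE-2025-24050 or any STAR Labs exploit: a parser that fetches OffsetTableSize from a remotely hosted file twice and lets the two values diverge, beside the fix of fetching once. The file layout, the names, and the "server reports a smaller size on the second read" behaviour are all constructed for the demo; the real .rct format and the exact double fetch in the patched code are not described on this page.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model of a file served from a remote share. Holding it open with
 * "exclusive" access does not stop the server from answering two reads of the
 * same bytes differently, so any value fetched twice may differ between fetches.
 * Layout is hypothetical: [u32 offset_table_size][u32 offsets...][payload]. */
typedef struct {
    uint8_t  *bytes;
    size_t    len;
    int       header_reads;  /* how many times offset 0 has been fetched */
    uint32_t  later_size;    /* hypothetical: size the server reports from the 2nd fetch on */
} remote_file;

/* Read n bytes at off into dst. From the second fetch of the header onward the
 * simulated server substitutes later_size for offset_table_size. */
static int remote_read(remote_file *f, size_t off, void *dst, size_t n) {
    if (n > f->len || off > f->len - n) return -1;
    memcpy(dst, f->bytes + off, n);
    if (off == 0 && n >= sizeof(uint32_t)) {
        if (f->header_reads > 0) memcpy(dst, &f->later_size, sizeof(uint32_t));
        f->header_reads++;
    }
    return 0;
}

/* Vulnerable: the size is fetched once for the bounds check and again to size
 * the allocation, so the loop bound and the buffer length can disagree.
 * Returns how many table slots the walk would touch past the allocation
 * (0 means safe, -1 means rejected). The OOB accesses are counted rather than
 * performed so the demo itself stays well defined. */
static int parse_vulnerable(remote_file *f) {
    uint32_t checked_size, alloc_size;
    if (remote_read(f, 0, &checked_size, sizeof checked_size)) return -1;
    if (checked_size == 0 || checked_size > (f->len - 4) / 4) return -1;

    if (remote_read(f, 0, &alloc_size, sizeof alloc_size)) return -1;  /* second fetch */
    uint32_t *table = calloc(alloc_size ? alloc_size : 1, sizeof *table);
    if (!table) return -1;
    if (remote_read(f, 4, table, (size_t)alloc_size * 4)) { free(table); return -1; }

    int oob = 0;
    uint32_t sum = 0;
    for (uint32_t i = 0; i < checked_size; i++) {   /* bound from fetch 1, buffer from fetch 2 */
        if (i < alloc_size) sum += table[i];
        else oob++;                                  /* would read table[i] out of bounds */
    }
    free(table);
    (void)sum;
    return oob;
}

/* Hardened: fetch the header exactly once into private memory and derive every
 * later decision (bounds check, allocation, loop bound) from that one value. */
static int parse_hardened(remote_file *f) {
    uint32_t size;
    if (remote_read(f, 0, &size, sizeof size)) return -1;
    if (size == 0 || size > (f->len - 4) / 4) return -1;

    uint32_t *table = calloc(size, sizeof *table);
    if (!table) return -1;
    if (remote_read(f, 4, table, (size_t)size * 4)) { free(table); return -1; }

    uint32_t sum = 0;
    for (uint32_t i = 0; i < size; i++) sum += table[i];  /* never past the allocation */
    free(table);
    (void)sum;
    return 0;
}

/* Constructed sample: a well-formed file with `size` entries whose server will
 * report `later_size` entries on every fetch of the header after the first. */
static remote_file make_file(uint32_t size, uint32_t later_size) {
    remote_file f = { 0 };
    f.len = 4 + (size_t)size * 4 + 16;
    f.bytes = calloc(f.len, 1);
    memcpy(f.bytes, &size, 4);
    for (uint32_t i = 0; i < size; i++) {
        uint32_t off = 4 + size * 4 + i;   /* arbitrary in-range payload offsets */
        memcpy(f.bytes + 4 + (size_t)i * 4, &off, 4);
    }
    f.later_size = later_size;
    return f;
}

int demo_vulnerable_oob(void) {
    remote_file f = make_file(16, 2);   /* 16 entries validated, only 2 allocated */
    int oob = parse_vulnerable(&f);
    free(f.bytes);
    return oob;                          /* 14 */
}

int demo_hardened_oob(void) {
    remote_file f = make_file(16, 2);
    int oob = parse_hardened(&f);
    free(f.bytes);
    return oob;                          /* 0 */
}

int main(void) {
    printf("double fetch: %d slots past the allocation\n", demo_vulnerable_oob());
    printf("single fetch: %d slots past the allocation\n", demo_hardened_oob());
    return 0;
}
```

The general lesson is that a file opened with exclusive access is only immutable when the storage underneath honours that; a remote share or a deliberately slow server does not. Either fetch each untrusted field once into private memory and use only that copy, or refuse to parse files that do not live on a local volume.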

chiefpie (@cplearns2h4ck)

Here's my new post on finding a handful of bugs in Windows by simple tricks and custom fuzzing. We then completed exploitation for LPE. Microsoft patched the bugs by restricting access, which means the bugs are not diffable and are still Admin->Kernel 0days. Hope you enjoy the read!

chiefpie (@cplearns2h4ck)

Claude 3.7 + IDA MCP automatically reverse engineers a Windows driver CTF I wrote, without symbols (p1, p2).

Proceeds to create structures and recreates the source code (p3) with extreme accuracy compared to the original source (p4).

~3 mins, fully automated

chiefpie (@cplearns2h4ck)

Just pwned Windows 11 with a kernel 0day at Pwn2Own Berlin! Thanks to my teammates Gerrard and Thach (Thach Nguyen Hoang 🇻🇳) for helping me run the exploit. Good luck to their entries as well.

Trend Zero Day Initiative (@thezdi)

Confirmed! Chen Le Qi (chiefpie) of STARLabs SG combined a UAF and an integer overflow to escalate to SYSTEM on #Windows 11. He earns $30,000 and 3 Master of Pwn points. #Pwn2Own #P2OBerlin

chiefpie (@cplearns2h4ck)

Some of my bugs in Windows Kernel ETW have been fixed by MSRC this month.
msrc.microsoft.com/update-guide/v…
msrc.microsoft.com/update-guide/v…
These bugs are triggered from NTOS syscalls.

chiefpie (@cplearns2h4ck)

Nice work by my intern on escaping the Chrome renderer sandbox with a Windows kernel n-day. He is really good. Hope you enjoy his blog post 😆

chiefpie (@cplearns2h4ck)

This is an analysis of a recent CLFS n-day bug exploited ITW by Storm-2460, analyzed by my other intern. Hope you enjoy the post 🙌

chiefpie (@cplearns2h4ck)

After MSRC recalculated scores, we are finally ranked #88 on the MSRC MVR 2025. I'm happy to support responsible disclosure at STAR Labs and hope to do better next year 🙇‍♂️.

chiefpie (@cplearns2h4ck)

I still find it funny that when the machine has Visual Studio installed, suddenly all normal users have notify access on the default ETW_GUID_ENTRY security descriptor, which exposes quite a lot of attack surface, from spoofing to kernel LPE vulnerabilities.

chiefpie (@cplearns2h4ck)

Some of my bugs are patched in this month's Patch Tuesday, including the ones I used for Pwn2Own Berlin 2025.

CVE-2025-50167: Race UAF in Hyper-V

chiefpie (@cplearns2h4ck)

Some more of my bugs in Hyper-V are patched in this month's update. I'm able to exploit it to elevate privileges on the last 10 years of Windows. Also seems like more researchers are targeting this component now.

chiefpie (@cplearns2h4ck)

CVE-2025-55680: cldflt.sys EoP exploited at TyphoonPWN 2025

A direct bypass of James Forshaw's bug from 2020 (project-zero.issues.chromium.org/issues/42451188), unpatched for 5 years
