Billy (@st424204)'s Twitter Profile
Billy

@st424204

Security Researcher @starlabs_sg
Pwn2Own Vancouver 2024,2023,2022,2021
Pwn2Own Austin 2023,2021

ID: 2168709300

01-11-2013 16:22:05

209 Tweet

1,1K Followers

93 Following

Trend Zero Day Initiative (@thezdi)

Confirmed! Chen Le Qi (chiefpie) of STARLabs SG combined a UAF and an integer overflow to escalate to SYSTEM on #Windows 11. He earns $30,000 and 3 Master of Pwn points. #Pwn2Own #P2OBerlin

Trend Zero Day Initiative (@thezdi)

After a dramatic pause in getting things set up, Billy (Billy) and Ramdhan (Ramdhan) of STAR Labs performed a Docker Desktop escape to pop calc - and they are also now off to the disclosure room - good luck! #Pwn2Own #P2OBerlin

Trend Zero Day Initiative (@thezdi)

Nicely done! Billy (Billy) and Ramdhan (Ramdhan) of STAR Labs used a UAF to perform their Docker Desktop escape and execute code on the underlying OS. They earn $60,000 and 6 Master of Pwn Points.

Trend Zero Day Initiative (@thezdi)

Oh my! In a #Pwn2Own first, Nguyen Hoang Thach (Thach Nguyen Hoang 🇻🇳) of STARLabs SG was able to go from guest to host on #VMware ESXi. Amazing work. He's off to the disclosure room to provide the details. #P2OBerlin

Trend Zero Day Initiative (@thezdi)

Outstanding! Nguyen Hoang Thach (Thach Nguyen Hoang 🇻🇳) of STARLabs SG used a single integer overflow to exploit #VMware ESXi - a first in #Pwn2Own history. He earns $150,000 and 15 Master of Pwn points. #P2OBerlin

Trend Zero Day Initiative (@thezdi)

Confirmed! Gerrard Tai of STAR Labs SG Pte. Ltd used a Use-After-Free bug to escalate privileges on Red Hat Enterprise Linux. Their third-round win earns them $10,000 and 2 Master of Pwn points.

Trend Zero Day Initiative (@thezdi)

Just amazing. Dung and Nguyen (Mochi Nishimiya) of STARLabs not only demonstrated their guest-to-host exploit of #Oracle VirtualBox, they added on a Windows kernel vulnerability to take over the system. Tremendous work. They head off to disclosure with the details. #Pwn2Own

Trend Zero Day Initiative (@thezdi)

Confirmed!! Dung and Nguyen (Mochi Nishimiya) of STARLabs used a TOCTOU race condition to escape the VM and an Improper Validation of Array Index for the Windows privilege escalation. They earn $70,000 and 9 Master of Pwn points. #Pwn2Own

Jacob Soo (@_jsoo_)

Big shoutout to Thach Nguyen Hoang 🇻🇳 & Gerrard Tai for flying over & represent us. To our 1st-timers Gerrard, chiefpie, Mochi Nishimiya for the awesome work. To Ramdhan & Billy for guiding the next gen & piers, Bruce Chen who are part of it. Let's continue trying #Pwn2Own

Trend Zero Day Initiative (@thezdi)

Pwn2Own Berlin 2025 comes to a close. We awarded $1,078,750 for 28 unique 0-days. Congrats to starlabs for winning Master of Pwn with $320,000. Thanks to offensivecon for hosting, and thanks to all who participated. Can't wait to see you next year! #Pwn2Own #P2OBerlin

starlabs (@starlabs_sg)

After 6 months of responsible disclosure, proud to announce our team discovered 13 (mostly exploitable) vulnerabilities in Samsung Exynos processors! Kudos to Billy, Ramdhan, [email protected] & rainbowpigeon CVE-2025-23095 to CVE-2025-23107 📍 semiconductor.samsung.com/support/qualit…

Jacob Soo (@_jsoo_)

I couldn't be prouder of our security research team! 13 CVEs in Samsung Exynos processors. This is what happens when you give them the freedom to push boundaries. Thankful to Billy, Ramdhan, [email protected] for guiding our intern rainbowpigeon

Bruce Chen (@bruce30262)

Made a pwn challenge for this year’s HITCON CTF, which required participants to bypass PAC, BTI, and deal with relative vtables. Here’s the write-up: bruce30262.github.io/hitcon-ctf-202… Check it out if you're interested🙂

Pumpkin 🎃 (@u1f383)

Last weekend, I participated in corCTF and solved the Android Pwn challenge - corphone. It was a great challenge, and I learned a lot from it. Here's my write-up :) u1f383.github.io/android/2025/0…

Trend Zero Day Initiative (@thezdi)

Confirmed! starlabs used a heap based buffer overflow to exploit the CanonUSA imageCLASS MF654Cdw. They earn themselves $20,000 and 2 Master of Pwn points. #Pwn2Own #P2OIreland

Trend Zero Day Initiative (@thezdi)

🎶 Mic drop! piers of STAR Labs SG just hacked the Sonos Era 300 at #Pwn2Own. That’s a chart-topper! They are off to the disclosure room to drop the needle on how they played that tune. #P2OIreland

Trend Zero Day Initiative (@thezdi)

📢 Confirmed! dmdung (piers) used a single OOB access bug to exploit the Sonos Era 300 smart speaker. In doing so, he earns $50,000 and 5 Master of Pwn points. #Pwn2Own
