Last 7 DAYS LEFT to submit to our Off-By-One 2025 CFP! Got something exciting to share? Now’s your chance to speak at the conference. ⏰ Time is ticking! offbyone.sg/cfp Let’s make this unforgettable! #OBO2025 #Singapore

We look forward to meeting everyone (both speakers and attendees). 🥳

🗣️𝐒𝐢𝐧𝐠𝐚𝐩𝐨𝐫𝐞𝐚𝐧 𝐬𝐭𝐮𝐝𝐞𝐧𝐭𝐬 in tertiary institutions! 🆓𝐅𝐑𝐄𝐄 Off-by-One Conference student tickets up for grabs! 🆓Sponsored by INTfinity Consulting Register at forms.gle/o4XVzBeBf8Lewv…, by 12 April 2025. More information: linkedin.com/posts/off-by-o…

A huge thank you to INTfinity Consulting for sponsoring student tickets and making it possible for more young talents to attend. Your support helps nurture the next generation of cybersecurity professionals.

Just dropped a blog post on a fun bug that our (former since it's reported long long time ago) intern, Devesh Logendran found in Visual Studio Code <= 1.89+ We hope you will have fun reading it. starlabs.sg/blog/2025/05-b…

Confirmed! Chen Le Qi (chiefpie) of STARLabs SG combined a UAF and an integer overflow to escalate to SYSTEM on #Windows 11. He earns $30,000 and 3 Master of Pwn points. #Pwn2Own #P2OBerlin

Nicely done! Billy (Billy) and Ramdhan (Ramdhan) of STAR Labs used a UAF in the Linux kernel to perform their Docker Desktop escape and execute code on the underlying OS. They earn $60,000 and 6 Master of Pwn Points.

Outstanding! Nguyen Hoang Thach (Thach Nguyen Hoang 🇻🇳) of STARLabs SG used a single integer overflow to exploit #VMware ESXi - a first in #Pwn2Own history. He earns $150,000 and 15 Master of Pwn points. #P2OBerlin

Confirmed! Gerrard Tai of STAR Labs SG Pte. Ltd used a Use-After-Free bug to escalate privileges on Red Hat Enterprise Linux. Their third-round win earns them $10,000 and 2 Master of Pwn points.

Confirmed!! Dung and Nguyen (Mochi Nishimiya) of STARLabs used a TOCTOU race condition to escape the VM and an Improper Validation of Array Index for the Windows privilege escalation. They earn $70,000 and 9 Master of Pwn points. #Pwn2Own

Big shoutout to Thach Nguyen Hoang 🇻🇳 & Gerrard Tai for flying over & represent us To our 1st-timers Gerrard chiefpie Mochi Nishimiya for the awesome work To Ramdhan & Billy for guiding the next gen & piers Bruce Chen who are part of it Lets continue trying #Pwn2Own

Pwn2Own Berlin 2025 comes to a close. We awarded $1,078,750 for 28 unique 0-days. Congrats to starlabs for winning Master of Pwn with $320,000. Thanks to offensivecon for hosting, and thanks to all who participated. Can't wait to see you next year! #Pwn2Own #P2OBerlin

"Why is my exploit taking 10 minutes?" *checks logs* *sees 10,000 kernel warnings* "...oh" 💡 Fresh Friday night read: our intern, Tan Ze Jian, on Mali exploitation - sometimes the fix is simpler than you think! starlabs.sg/blog/2025/05-g…

After 6 months of responsible disclosure, proud to announce our team discovered 13 (mostly exploitable) vulnerabilities in Samsung Exynos processors! Kudos to Billy, Ramdhan, [email protected] & rainbowpigeon CVE-2025-23095 to CVE-2025-23107 📍 semiconductor.samsung.com/support/qualit…

After almost 8 months of coordinated disclosure, vulnerabilities in Trend Micro Apex Central discovered by our former colleague Jia Hao have been resolved! ZDI advisories: ZDI-25-295, ZDI-25-296, ZDI-25-297, ZDI-25-236, ZDI-25-237

When life gives you tangerines🍊 Intern Lin Ze Wei's task: Port a 2-bug exploit to Pixel 6 Pro Problem: One bug "doesn't work" Solution: Make it work with 1 bug Sometimes the best research comes from working with what you think you have starlabs.sg/blog/2025/06-s…

Off-By-One Conference 2025 Day 1 presentation videos are now available on our official YouTube channel! Subscribe, like 👍 and comment! lnkd.in/gi5jQBi4

Off-By-One Conference 2025 Day 2 presentation videos are now available on our official YouTube channel! Subscribe, like 👍 and comment! lnkd.in/geDcTSsr

The Day 1 videos are finally out 🥳🥳

The Day 2 videos are finally out 🥳🥳