Recently I ran an experiment where I built agents on top of Opus 4.5 and GPT-5.2 and then challenged them to write exploits for a zeroday vulnerability in the QuickJS Javascript interpreter. I added a variety of modern exploit mitigations, various constraints (like assuming an unknown heap starting state, or […]

# Windows Internals: Check Your Privilege – The Curious Case of ETW’s SecurityTrace Flag > This blog post is from the original post I made on the Origin (by Prelude) blog. The original can be found here. ## Introduction Recently, while investigating new feature development for our Origin (by Prelude) […]

This website is using a security service to protect itself from online attacks. The action you just performed triggered the security solution. There are several actions that could trigger this block including submitting a certain word or phrase, a SQL command or malformed data. You can email the site owner […]

In December 2025, a previously unknown Ransomware-as-a-Service (RaaS) operation calling itself **Sicarii** began advertising its services across multiple underground platforms. The group’s name references the _Sicarii_, a 1st-century Jewish assassins group that opposed Roman rule in Judea. From its initial appearance, the Sicarii ransomware group distinguished itself through unusually explicit and persistent use […]

# What is a mobile DAST and why security teams are moving beyond pen testing # Table of contents 1. Introduction 2. What is a mobile DAST? 3. DAST vs SAST: what’s the difference? 4. Why DAST is taking over pen testing for mobile app security 5. How Oversecured DAST […]

# Wireless-(in)Fidelity: Pentesting Wi-Fi in 2025 Despite the advancements that have been made in Wi-Fi security with the arrival of WPA3, some misconfigurations and legacy protocols still remain. In this blogpost, we share insights into Wi-Fi related findings encountered during penetration testing engagements. We will present compromise methods, addressing both […]

In December 2025, Check Point Research identified a small cluster of previously unseen Linux malware samples that appear to originate from a Chinese-speaking development environment. Many of the binaries included debug symbols and other development artifacts, suggesting we were looking at in-progress builds rather than a finished, widely deployed tool. […]

# Do Smart People Ever Say They’re Smart? (SmarterTools SmarterMail Pre-Auth RCE CVE-2025-52691) Welcome to 2026! While we are all waiting for the scheduled SSLVPN ITW exploitation programming that occurs every January, we’re back from Christmas and idle hands, idle minds, yada yada. In December, we were alerted to a […]

Eight years ago today, I started STAR Labs by hiring several fresh grads with no working experiences. Today, I stand here with a different group of faces. Some of you were there from the beginning. Some of you joined along the way. Some of you just started last month. And […]

GoBruteforcer is a botnet that turns compromised Linux servers into scanning and password brute-force nodes. It targets internet-exposed services such as phpMyAdmin web panels, MySQL and PostgreSQL databases, and FTP servers. Infected hosts are incorporated into the botnet and accept remote operator commands. Newly discovered weak credentials are used to […]