This research introduces a pioneering dual approach that combines signature-based matching (DalvikFLIRT) with LLM-powered code transformation to bypass sophisticated Android app obfuscation, enabling automated security analysis of previously impenetrable code.

Product

CNIL Standard Integration, SARIF Support, Copilot Enhancements, and Smarter Vulnerability Analysis.

This release introduces CNIL standard support, SARIF export, and improved vulnerability insights with locations and advanced search. Copilot is more powerful, performance is faster, and asset and remediation workflows are smoother.

Mon 07 April 2025

Product

From Moonshot to Production: Building Ostorlab Copilot

This article outlines our journey in implementing ostorlab copilot, the challenges we encountered, and the lessons we learned along the way.

Mon 24 February 2025

Product

Ostorlab's Security Scanner GitHub App,Ticket Aggregation V2, Copilot Launch, and Enhanced Security Features

February's update introduces Ticket Aggregation V2 and Ostorlab Copilot, alongside improvements to reporting capabilities and detection mechanisms. These updates enhance vulnerability management, user experience, and security analysis across the platform.

Thu 20 February 2025

This article announces Ostorlab's vulnerability ticketing system V2 and how it automates and streamlines the entire process of managing, and remediating security vulnerabilities through features like automated ticket creation, lifecycle management, policy enforcement, and integration with existing tools.

This article explores AI-automated attack surface management, its impact on cybersecurity, and how it automates asset discovery and vulnerability detection.

Latest posts

AI-automated Attack surface, Privacy Analysis, Wordpress agent, and more.

Ostorlab's January 2025 update introduces AI-powered attack surface discovery and improves IDE performance. The release expands detection capabilities with new secret and privacy checks, adds a WordPress security agent, and implements additional threat fingerprints and CVE support. A new Privacy profile for compliance analysis is launched, along with enhancements to scan options and vulnerability reporting. These updates aim to improve asset analysis, security assessments, and risk mitigation across various digital environments.

Mon 20 January 2025

Advanced Search Query, API Endpoints, Tons of new detections, and more.

The December release introduces advanced inventory search with Python-like syntax, enhanced asset status filtering, API endpoint autodiscovery, and comprehensive scan summaries. Additionally, it adds GraphQL vulnerability detection, domain takeover prevention, new CVE detections, privacy compliance checks, and Jira integration improvements for streamlined issue management.

Mon 02 December 2024

Pre-Auth Root RCE Vulnerability in CyberPanel: Deep Dive Exploit Analysis

A technical analysis of a vulnerability in CyberPanel, a Pre-Auth Root RCE, including confirmed exploitation paths, investigated components, and research methodology findings.

Wed 30 October 2024

Revamped Search, new detection capabilities, actively exploited CVEs and much more.

The latest releases introduces a revamped search UI, new detection capabilities, attack surface & inventory performance improvements, plus much more.

Tue 22 October 2024

Defending Against GraphQL Attacks: A Deep Dive into Common Vulnerabilities

This article is an in-depth look at the most common GraphQL vulnerabilities, why they occur, and how they can be mitigated.

Mon 21 October 2024

Assessing the Large-Scale Exposure of CUPS Vulnerabilities: Chained CVEs Leading to Remote Code Execution

This article assesses the large-scale exposure of systems to multiple CVEs affecting the CUPS printing service, which can be chained together to achieve unauthenticated remote code execution (RCE). We provide an overview of how these vulnerabilities, including CVE-2024-47176, work in tandem, walking through the exploit flow. Additionally, we analyze how many systems are potentially vulnerable and highlight a unique behavior observed during testing.

Wed 16 October 2024

Threat Center v2: 🚨 Staying Ahead of Vulnerabilities 🛡️

The Threat Center provides essential updates for organizations to stay informed about security threats, offering actionable intelligence and detailed asset information to help users proactively protect their systems.

Thu 10 October 2024

Deep Dive: Stored XSS Vulnerability in LiteSpeed Cache Plugin for WordPress (CVE-2024-47374)

An in-depth look at the CVE-2024-47374 vulnerability affecting LiteSpeed Cache plugin for WordPress, its impact, and a technical breakdown of our detection method.

Thu 10 October 2024


Previous
1 of 15