Category

Security

Precision beats payload spray using Ostorlab's AI engine to systematically land RCE on Titiler and proves exfiltration without a single stack trace.

Security

AI-Powered Pentesting: A Deep Dive into Android Intent Redirection

This article showcases Ostorlab's AI Pentest Engine's process for analyzing an Android applicatio...

Sun 31 August 2025

Security

Automating Security Research: AI Engine Exploits GCP Service Account Secret

This article presents a thorough, hands-on analysis and real-world exploitation of a hardcoded GC...

Thu 28 August 2025

Security

From Signal to the Android SDK: Chaining Path Traversal, Mimetype Confusion, Security Check Bypass and File Descriptor Bruteforce for Arbitrary File Access

This technical analysis reveals how sophisticated attack chains—combining path traversal, symboli...

Mon 11 August 2025

This article presents a thorough, hands-on analysis and proof of concept for exploiting an OOB XXE vulnerability CVE-2021-29620 in Report Portal. It details how Ostorlab's AI-powered pentesting engine was used to automate the full cycle.

This article presents a thorough, hands-on analysis and proof of concept for exploiting the stored XSS vulnerability CVE-2025-52559 in Zulip. It details how Ostorlab's AI-powered pentesting engine was used to automate the full cycle.

Latest posts

Bypassing Obfuscation in Android Apps: A Dual Approach with DalvikFLIRT and LLM-Powered Rewrites

This research introduces a pioneering dual approach that combines signature-based matching (DalvikFLIRT) with LLM-powered code transformation to bypass sophisticated Android app obfuscation, enabling automated security analysis of previously impenetrable code.

Wed 16 April 2025

Pre-Auth Root RCE Vulnerability in CyberPanel: Deep Dive Exploit Analysis

A technical analysis of a vulnerability in CyberPanel, a Pre-Auth Root RCE, including confirmed exploitation paths, investigated components, and research methodology findings.

Wed 30 October 2024

Defending Against GraphQL Attacks: A Deep Dive into Common Vulnerabilities

This article is an in-depth look at the most common GraphQL vulnerabilities, why they occur, and how they can be mitigated.

Mon 21 October 2024

Assessing the Large-Scale Exposure of CUPS Vulnerabilities: Chained CVEs Leading to Remote Code Execution

This article assesses the large-scale exposure of systems to multiple CVEs affecting the CUPS printing service, which can be chained together to achieve unauthenticated remote code execution (RCE). We provide an overview of how these vulnerabilities, including CVE-2024-47176, work in tandem, walking through the exploit flow. Additionally, we analyze how many systems are potentially vulnerable and highlight a unique behavior observed during testing.

Wed 16 October 2024

Deep Dive: Stored XSS Vulnerability in LiteSpeed Cache Plugin for WordPress (CVE-2024-47374)

An in-depth look at the CVE-2024-47374 vulnerability affecting LiteSpeed Cache plugin for WordPress, its impact, and a technical breakdown of our detection method.

Thu 10 October 2024

Actively Exploited CVE-2022-21445, Deep Dive

The article delves into the technical details of this CVE, its potential impact, and the methods used to detect and exploit it.

Wed 25 September 2024

Unraveling the VigorConnect Vulnerability: A Journey of Discovery and Correction

The article uncovers an Arbitrary File Read vulnerability in VigorConnect that lets attackers access sensitive files. The issue originates from improper input validation in file handling methods.

Thu 12 September 2024

Advanced Techniques for Bypassing 4xx Errors

Discover the comprehensive techniques that are commonly used to bypass 4xx errors. Learn about the various methods used, including HTTP method fuzzing, request header manipulation, parameter tampering, and more.

Mon 05 August 2024


Previous
1 of 5