Ostorlab: Mobile App Security Testing for Android and iOS

Tag

poc

AI Pentest Engine Discovers Critical WebSocket BFLA in GraphQL Subscriptions

Ostorlab's AI Pentest Engine systematically uncovered a critical Broken Function-Level Authorization (BFLA) vulnerability in a GraphQL WebSocket endpoint, allowing unauthenticated access to a real-time translation service. This case study details the AI's step-by-step process, from discovery to proof-of-concept.

Abderrahim Haddadi


            Fri 26 December 2025

Security

AI Engine Triggers Account Takeover via API Version Confusion

Methodical analysis beats blind fuzzing as Ostorlab's AI engine discovers cross-version password ...

Amine Atyq


                  Mon 15 December 2025

Security

Automating Security Research: AI Engine Exploits Complex Blind Code Injection

Precision beats payload spray using Ostorlab's AI engine to systematically land RCE on Titiler an...

Ostorlab Team


                  Thu 04 September 2025

Security

AI-Powered Pentesting: A Deep Dive into Android Intent Redirection

This article showcases Ostorlab's AI Pentest Engine's process for analyzing an Android applicatio...

Ostorlab Team


                  Sun 31 August 2025

Security

Automating Security Research: AI Engine Exploits GCP Service Account Secret

This article presents a thorough, hands-on analysis and real-world exploitation of a hardcoded GCP service account with overprivileged Pub/Sub access discovered in a HackerOne mobile app. It details how Ostorlab’s AI-powered pentesting engine automated the full cycle—from authentication and permission enumeration to end-to-end message injection/interception—enabling remediation within four days.

Ostorlab Team


                  Thu 28 August 2025

Security

Automating Security Research: AI Engine Exploits Report Portal XXE (CVE-2021-29620)

This article presents a thorough, hands-on analysis and proof of concept for exploiting an OOB XXE vulnerability CVE-2021-29620 in Report Portal. It details how Ostorlab's AI-powered pentesting engine was used to automate the full cycle.

Ostorlab Team


                  Thu 07 August 2025

Latest posts

Security

Automating Security Research: AI Engine Exploits Zulip Stored XSS (CVE-2025-52559)

This article presents a thorough, hands-on analysis and proof of concept for exploiting the stored XSS vulnerability CVE-2025-52559 in Zulip. It details how Ostorlab's AI-powered pentesting engine was used to automate the full cycle.

Ostorlab Team


                    Mon 28 July 2025

Changelog

View all changes

poc

AI Pentest Engine Discovers Critical WebSocket BFLA in GraphQL Subscriptions

AI Engine Triggers Account Takeover via API Version Confusion

Automating Security Research: AI Engine Exploits Complex Blind Code Injection

AI-Powered Pentesting: A Deep Dive into Android Intent Redirection

Automating Security Research: AI Engine Exploits GCP Service Account Secret

Automating Security Research: AI Engine Exploits Report Portal XXE (CVE-2021-29620)

Latest posts

Automating Security Research: AI Engine Exploits Zulip Stored XSS (CVE-2025-52559)

Changelog

Subscribe to the Ostorlab Newsletter