Tag

security

Precision beats payload spray using Ostorlab's AI engine to systematically land RCE on Titiler and proves exfiltration without a single stack trace.

Security

AI-Powered Pentesting: A Deep Dive into Android Intent Redirection

This article showcases Ostorlab's AI Pentest Engine's process for analyzing an Android applicatio...

Sun 31 August 2025

Security

Automating Security Research: AI Engine Exploits GCP Service Account Secret

This article presents a thorough, hands-on analysis and real-world exploitation of a hardcoded GC...

Thu 28 August 2025

Security

From Signal to the Android SDK: Chaining Path Traversal, Mimetype Confusion, Security Check Bypass and File Descriptor Bruteforce for Arbitrary File Access

This technical analysis reveals how sophisticated attack chains—combining path traversal, symboli...

Mon 11 August 2025

This article presents a thorough, hands-on analysis and proof of concept for exploiting an OOB XXE vulnerability CVE-2021-29620 in Report Portal. It details how Ostorlab's AI-powered pentesting engine was used to automate the full cycle.

This article presents a thorough, hands-on analysis and proof of concept for exploiting the stored XSS vulnerability CVE-2025-52559 in Zulip. It details how Ostorlab's AI-powered pentesting engine was used to automate the full cycle.

Latest posts

Know Your App's Data Habits: A Deep Dive into Our Comprehensive Privacy Analysis

Ostorlab's Privacy Scan automatically detects mismatches between what your app's privacy policy says and what it actually does. This comprehensive analysis of policy text, permissions, code, and UI elements helps mobile developers avoid compliance violations and build user trust through accurate privacy practices.

Tue 27 May 2025

Ostorlab Security Scanner GitHub Integration

The Ostorlab Security Scanner GitHub Integration enhances mobile app development workflows by embedding automated security directly into the CI/CD pipeline. It offers a GitHub Action for scanning mobile application on every code push. It adds inline vulnerability insights directly to pull requests, highlighting the exact code changes that introduced issues and suggesting one-click fixes developers can apply without leaving GitHub.

Wed 21 May 2025

Scan, Sync, Remediate: Ostorlab Meets Vanta for Faster Audits

This article announces the new integration between Ostorlab and Vanta, explains how it works, outlines the setup process, and highlights the key benefits for security and compliance teams.

Tue 20 May 2025

Expanded Privacy Analysis, Attack Surface Profiling, and GitHub Source Mapping Improvements

Ostorlab's May 2025 update delivers comprehensive privacy analysis capabilities with 21 new data collection categories and enhanced verification tools. This release introduces specialized Attack Surface scan profiles for optimized security assessments, adds GitHub source code integration for precise vulnerability mapping, and implements QPS rate limiting for controlled scanning. Additional improvements include mobile scan URL regex controls, streamlined Jira integration, and expanded fingerprinting capabilities for improved detection accuracy.

Mon 12 May 2025

Pre-Auth Root RCE Vulnerability in CyberPanel: Deep Dive Exploit Analysis

A technical analysis of a vulnerability in CyberPanel, a Pre-Auth Root RCE, including confirmed exploitation paths, investigated components, and research methodology findings.

Wed 30 October 2024

Defending Against GraphQL Attacks: A Deep Dive into Common Vulnerabilities

This article is an in-depth look at the most common GraphQL vulnerabilities, why they occur, and how they can be mitigated.

Mon 21 October 2024

Assessing the Large-Scale Exposure of CUPS Vulnerabilities: Chained CVEs Leading to Remote Code Execution

This article assesses the large-scale exposure of systems to multiple CVEs affecting the CUPS printing service, which can be chained together to achieve unauthenticated remote code execution (RCE). We provide an overview of how these vulnerabilities, including CVE-2024-47176, work in tandem, walking through the exploit flow. Additionally, we analyze how many systems are potentially vulnerable and highlight a unique behavior observed during testing.

Wed 16 October 2024

Threat Center v2: 🚨 Staying Ahead of Vulnerabilities 🛡️

The Threat Center provides essential updates for organizations to stay informed about security threats, offering actionable intelligence and detailed asset information to help users proactively protect their systems.

Thu 10 October 2024


Previous
1 of 4