Security Researcher @starlabs_sg, playing CTF with @r3kapig

Joined February 2010
Jiantao Li retweeted
Ever wondered what happens when you pickle a mailbox? 🥒📬 (No, it’s not a recipe, it’s a vulnerability.) Our team breaks down CVE-2025-20393 in a new deep dive post covering root cause, internals & exploitation details starlabs.sg/blog/2026/01-pic… Written by @CurseRed & @bestswngs

Jiantao Li retweeted
🖨️ Brother, can you spare us a root shell? We were ready for Pwn2Own but they patched it on the LAST DAY of registration 😭 Hope you enjoy this new blog post from us. 📖 starlabs.sg/blog/2025/11-bre…

Jiantao Li retweeted
📢 Confirmed! dmdung (@_piers2) used a single OOB access bug to exploit the @Sonos Era 300 smart speaker. In doing so, he earns $50,000 and 5 Master of Pwn points. #Pwn2Own
Jiantao Li retweeted
Confirmed! @starlabs_sg used a heap based buffer overflow to exploit the @CanonUSA imageCLASS MF654Cdw. They earn themselves $20,000 and 2 Master of Pwn points. #Pwn2Own #P2OIreland
Jiantao Li retweeted
21 Oct 2025
The interns spent almost two months on this. Congratulations to @hi_im_d4rkn3ss @gerrard_tai @KaligulaSec Lin Zewei and Tan Ze Jian
Confirmed! @starlabs_sg used a heap based buffer overflow to exploit the @CanonUSA imageCLASS MF654Cdw. They earn themselves $20,000 and 2 Master of Pwn points. #Pwn2Own #P2OIreland
Jiantao Li retweeted
12 Oct 2025
Recently our co-worker, @CurseRed found and reported some bugs in OnlyOffice while on a pentest engagement. We are always preparing organisations to protect against the ever-evolving threat of cyber attacks.
Jiantao Li retweeted
11 Sep 2025
Lost in Translation: Apache Vulnerabilities That Don’t Count (Literally) Found a few bugs in Apache projects in 2024 - SSRF in Pony Mail Foal & RCE on whimsy.apache.org Fixed but no CVEs Sharing is Caring: starlabs.sg/blog/2025/09-los… Found by @CurseRed & former intern Devesh.
Jiantao Li retweeted
Some of my bugs are patched in this month's patch tuesday, including the ones I used for Pwn2Own Berlin 2025. CVE-2025-50167 Race UAF in Hyper-V
Jiantao Li retweeted
21 Jul 2025
I hope everyone got some rest after @DownUnderCTF this weekend. My colleague @hash_kitten wrote up a blog post on a novel technique for SQL Injection in PDO's prepared statements, required to exploit the “legendary” challenge, which only got one solve: slcyber.io/assetnote-securit…
Jiantao Li retweeted
16 Jul 2025
CASE CLOSED: CVE-2025-29824 0 public samples, 0 information Suspect: Windows CLFS driver Crime: UAF leading to Privilege Escalation Status: ACTIVELY EXPLOITED ITW Investigation: Debugged and documented Case files: starlabs.sg/blog/2025/07-my-… Done by our intern, Ong How Chong
Jiantao Li retweeted
9 Jun 2025
🎉 Last weekend we participated in bi0sCTF 2025 as r3kapig and secured first place! 🥇 Huge thanks to @teambi0s for organizing such an amazing competition! 🙏 Congratulations to @ProjectSEKAIctf for second place 🥈 and @thehackerscrew1 for third place 🥉
Jiantao Li retweeted
When life gives you tangerines🍊 Intern Lin Ze Wei's task: Port a 2-bug exploit to Pixel 6 Pro Problem: One bug "doesn't work" Solution: Make it work with 1 bug Sometimes the best research comes from working with what you think you have starlabs.sg/blog/2025/06-sol…
Jiantao Li retweeted
After 6 months of responsible disclosure, proud to announce our team discovered 13 (mostly exploitable) vulnerabilities in Samsung Exynos processors! Kudos to @st424204, @n0psledbyte, @Peterpan980927 & @rainbowpigeon_ CVE-2025-23095 to CVE-2025-23107 📍 semiconductor.samsung.com/su…

Jiantao Li retweeted
30 May 2025
"Why is my exploit taking 10 minutes?" *checks logs* *sees 10,000 kernel warnings* "...oh" 💡 Fresh Friday night read: our intern, Tan Ze Jian, on Mali exploitation - sometimes the fix is simpler than you think! starlabs.sg/blog/2025/05-gon…
Jiantao Li retweeted
Confirmed!! Dung and Nguyen (@MochiNishimiya) of STARLabs used a TOCTOU race condition to escape the VM and an Improper Validation of Array Index for the Windows privilege escalation. They earn $70,000 and 9 Master of Pwn points. #Pwn2Own
Jiantao Li retweeted
17 May 2025
Big shoutout to @hi_im_d4rkn3ss & @gerrard_tai for flying over & representing us To our 1st-timers Gerrard @cplearns2h4ck @MochiNishimiya for the awesome work To @n0psledbyte & @st424204 for guiding the next gen & @_piers2 @bruce30262 who are part of it Let's continue trying #Pwn2Own
Jiantao Li retweeted
Outstanding! Nguyen Hoang Thach (@hi_im_d4rkn3ss) of STARLabs SG used a single integer overflow to exploit #VMware ESXi - a first in #Pwn2Own history. He earns $150,000 and 15 Master of Pwn points. #P2OBerlin
Jiantao Li retweeted
Nicely done! Billy (@st424204) and Ramdhan (@n0psledbyte) of STAR Labs used a UAF to perform their Docker Desktop escape and execute code on the underlying OS. They earn $60,000 and 6 Master of Pwn Points.
Jiantao Li retweeted
Confirmed! Chen Le Qi (@cplearns2h4ck) of STARLabs SG combined a UAF and an integer overflow to escalate to SYSTEM on #Windows 11. He earns $30,000 and 3 Master of Pwn points. #Pwn2Own #P2OBerlin