Researcher: {Alan Ho}

A critical vulnerability for Apache Log4j was discovered and published, it has a huge impact to countless servers.

There are already posts describing the details of the vulnerability (CVE-2021–44228), so we are just going to do a demonstration on how this vulnerability can be manipulated.

We have…

by {FileDescriptor, Ozetta, Alanh0, Darkfloyd, Dragon, Byron, PilotOwl, Ken}


We have found various vulnerabilities of and reported to Gather, they have made and fixed the issues promptly and we are thankful for their generosity to gift us 2000 USD even they have no bounty program.


  1. RCE on Gather town…

Research Team:
Anthony Lai, Alan Ho, and Ken Wong from VXRL

October 2021


Recently, we have dealt with ransomware incidents and can restore the ransomware binary from the C:\perflogs folder in the victim machine, which is afterward executed to encrypt the entire NAS file server.

Given this incident, we hope…

Vulnerabilities discovery can be challenging for novice. In our talk, we will share the steps(and failure) we went through from beginner until finding 2 apple safari CVE (CVE-2019–8678,CVE-2019–8685)

In the first part of our talk, we will walkthrough some of the trick we used for target enumeration and corpus collection. Then ,we will share the steps we made to get the 2 CVE with public fuzzer. Lastly, we will go through the root cause analysis of these bugs and demonstrate how we do it for beginners.

Did you enjoy this post? Want to find out more about us? Contact us

Originally published at on July 23, 2020.

The team recently conducted a 4-day-workshop coordinated by HKPC, the training is focusing on Red / Blue Team Testing.

The primary aim of this workshop is to train up the participants to equip with the skillset from the both sides of the world: RED team focuses on penetration testing of…

Locality Sensitive Hashing is an algorithm for similarity between documents, and we can take it and apply this algorithm to cybersecurity area including malware comparison. This survey paper is not about how to compare Malware but give the audience a ground to understand the ground of LSH.

Did you enjoy this post? Want to find out more about us? Contact us

Originally published at on March 3, 2020.


VXRL Team is founded by group of enthusiastic security researchers, providing information security services and contribute to the community.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store