Our team has been busy over the past months, we have handled different incidents like ransomware (including negotiating with the attackers and paying the ransom), targeted attacks towards software vendors, as well as different researches. Hopefully we will share some of our experience about the incidents in the coming blog…

Researcher: {Alan Ho} A critical vulnerability for Apache Log4j was discovered and published, it has a huge impact to countless servers. There are already posts describing the details of the vulnerability (CVE-2021–44228), so we are just going to do a demonstration on how this vulnerability can be manipulated. We have…

by {FileDescriptor, Ozetta, Alanh0, Darkfloyd, Dragon, Byron, PilotOwl, Ken} Introduction We have found various vulnerabilities of Gather.town and reported to Gather, they have made and fixed the issues promptly and we are thankful for their generosity to gift us 2000 USD even they have no bounty program. Discoveries RCE on Gather town…

Research Team: Anthony Lai, Alan Ho, and Ken Wong from VXRL October 2021 Background Recently, we have dealt with ransomware incidents and can restore the ransomware binary from the C:\perflogs folder in the victim machine, which is afterward executed to encrypt the entire NAS file server. Given this incident, we hope…

Cloud security has been a hot topic. As more and more organizations go to the cloud, security breaches and incidents hitting the news headlines have been catching the eyes of the general public, making some people skeptical to embracing the cloud. However, when we look at the security controls of…