by {FileDescriptor, Ozetta, Alanh0, Darkfloyd, Dragon, Byron, PilotOwl, Ken}


We have found various vulnerabilities of and reported to Gather, they have made and fixed the issues promptly and we are thankful for their generosity to gift us 2000 USD even they have no bounty program.


  1. RCE on Gather town…

Research Team:
Anthony Lai, Alan Ho, and Ken Wong from VXRL

October 2021


Recently, we have dealt with ransomware incidents and can restore the ransomware binary from the C:\perflogs folder in the victim machine, which is afterward executed to encrypt the entire NAS file server.

Given this incident, we hope…

Vulnerabilities discovery can be challenging for novice. In our talk, we will share the steps(and failure) we went through from beginner until finding 2 apple safari CVE (CVE-2019–8678,CVE-2019–8685)

In the first part of our talk, we will walkthrough some of the trick we used for target enumeration and corpus collection. Then ,we will share the steps we made to get the 2 CVE with public fuzzer. Lastly, we will go through the root cause analysis of these bugs and demonstrate how we do it for beginners.

Did you enjoy this post? Want to find out more about us? Contact us

Originally published at on July 23, 2020.

The team recently conducted a 4-day-workshop coordinated by HKPC, the training is focusing on Red / Blue Team Testing.

The primary aim of this workshop is to train up the participants to equip with the skillset from the both sides of the world: RED team focuses on penetration testing of…

Locality Sensitive Hashing is an algorithm for similarity between documents, and we can take it and apply this algorithm to cybersecurity area including malware comparison. This survey paper is not about how to compare Malware but give the audience a ground to understand the ground of LSH.

Did you enjoy this post? Want to find out more about us? Contact us

Originally published at on March 3, 2020.

AVTOKYO is the Japanese community oriented Computer Security Short Conference.

AVtokyo used to be the drinking party right after the Black Hat Japan until 2007. It worked as the relaxed networking party to exchange information only among the Black Hat Japan attendees.

The Conference is organized by good friends of VXRL, our team will try to participate the conference every year :)


VXRL Team is founded by group of enthusiastic security researchers, providing information security services and contribute to the community.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store