All our latest Blogpost and News about Offensive Security!
Exploiting n-day in the wild Reproducing CVE-2026-23111: How one character can change everything To prepare for Pwn2Own Berlin 2026, we decided to reproduce a known kernel CVE on Red Hat (kernel 6.12.0-124.38.1.el10_1, which was the latest version at the time). We chose the nf_tables subsystem because we were not very familiar with it and wanted to better…
applied AI for Cybersecurity Benchmarking LLM agents for vulnerability research AI agents appear to be a powerful tool for advancing vulnerability research and securing modern applications. At FuzzingLabs, we decided to take a deep dive into this topic to assess its real-world potential. We conducted experiments by building AI agents using various LLMs, with the…
Vulnerable Ollama instances Is Your Ollama Server Publicly Exposed? In recent months, the rapid adoption of AI model serving tools like Ollama has transformed how developers and researchers deploy and interact with large language models locally. Ollama exposes a simple HTTP API—by default on port 11434—to manage, run, and query/infer language models such as LLaMA…
applied AI for Cybersecurity AI Agents for application security testing What if AI could autonomously find, trace, and exploit vulnerabilities in code? The rise of AI agents has opened many new possibilities, but one remains underexplored in security: combining static and dynamic testing in a unified, autonomous pipeline. Today’s app-sec solutions typically focus on either…
Ai-assisted Android application reversing Benchmarking Android APK Deobfuscation using Small Local LLMs Tool Overview – Deobfuscate-android-app Android applications are commonly obfuscated before release, especially when they handle sensitive logic such as authentication, license verification, or cryptographic routines. Obfuscation tools like ProGuard and R8 rename classes and methods, remove debug information, and flatten control flows to…
AI-Driven Threat Modeling LLMs for Automated STRIDE Analysis Threat modeling has always been about understanding how the components of an application interact, where the boundaries lie, and what could go wrong at each connection. Traditionally, this process has been manual, relying on diagrams and the expertise of security professionals to map out relationships and identify…
Attacking & Fuzzing of Polkadot Node Triggering Denial-of-Service via Gossamer RPC Flaws Gossamer is a Go-based implementation of a Polkadot node, developed by ChainSafe Systems. It allows interaction with the Polkadot network, enabling users to participate as full nodes, validators, or other roles. In this post, we will show you what we did to find…
REcon 2025 – Training Announcement Fuzzing Windows Userland Applications Training Master the art of uncovering vulnerabilities in Windows applications with our in-depth Windows Fuzzing training at ReCon 2025! This hands-on course will guide you through the fundamentals of fuzzing, advanced techniques like grammar-based and symbolic execution, and real-world applications targeting browsers, antivirus software, and more….
REcon 2025 – Training Announcement Rust Development for Cybersecurity Training Dive into the world of cutting-edge cybersecurity tools with our exclusive Rust Development for Cybersecurity Training! Led by experts Matthieu Christophe and Tanguy Duhamel, this hands-on program will equip you with advanced Rust techniques to build defensive and offensive security tools, unlocking your potential to…
OffensiveCon 2025 – Training Announcement Practical Web Browser Fuzzing Training Kickstart your journey into the intricate world of web browser fuzzing at OffensiveCon 2025! This exclusive training, led by experts Patrick Ventuzelo and Tanguy Duhamel, is your opportunity to master advanced fuzzing techniques and uncover vulnerabilities in some of the most widely used software globally….
| Cookie | Duration | Description |
|---|---|---|
| cookielawinfo-checkbox-analytics | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics". |
| cookielawinfo-checkbox-functional | 11 months | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional". |
| cookielawinfo-checkbox-necessary | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary". |
| cookielawinfo-checkbox-others | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other. |
| cookielawinfo-checkbox-performance | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance". |
| viewed_cookie_policy | 11 months | The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data. |