Xchg Labs

We spent some time digging into GPSD, and it paid off. In this new 3-part series, we break down exactly how we found multiple vulnerabilities and chained them together to achieve full remote code execution. Go check out the blog to find the series: xchglabs.com/blog #infosec #cybersecurity #exploit #RCE #vulnerability

First Qemu escape, kinda nervous... xchglabs.com/blog/escaping-…

@solardiz @v12sec @zellic_io @depthfirstlabs @bynar_io @Xbow for sure!

@v12sec @zellic_io @depthfirstlabs @bynar_io @xchglabs @xbow Any chance you'd start bringing your vulnerability disclosures in open source to oss-security, please? We want actual content in message bodies, but you may include your blog links as well. Thanks in advance.

Two new writeups dropped! On lwIP SMTP: xchglabs.com/blog/lwip-smtp… On KVM dirty-ring: xchglabs.com/blog/kvm-dirty… #infosec #lwIP #KVM #linux #IoT

One malicious SMTP server and one EHLO AUTH line. RCE on the lwIP client! We got 255-byte tx_buf, ~64 KiB of attacker bytes, and zero auth. Demo below. Patched as Savannah #68313. Writeup is at: xchglabs.com/blog/lwip-smtp… #infosec #RCE #IoT #embedded #vulnresearch #smtp

dnsmasq powers massive amounts of networking infrastructure worldwide. We found 6 0days. 5 were accredited to xchglabs and assigned CVEs. Our first technical writeup is now live: xchglabs.com/blog/dnsmasq-f… #dnsmasq #0day #cybersecurity #xchglabs

Sneak peak into the research that we've done. #pwn2own #0day #xchglabs #exploitdev

86 vulnerabilities to vendors across the AI and infrastructure stack, PyTorch, NVIDIA, Linux kernel (KVM), Oracle, Docker, Ollama, Chroma, LiteLLM, llama.cpp, and stb_image. Writeups will publish as patches ship. #cybersecurity #0day #infosec #xchglabs #pwn2own

Pwn2Own hit max capacity for the first time in history. We unfortunately couldn’t get in. We submit our research to vendors. Look to our blog for technical breakdowns coming soon! #cybersecurity #0day #reverseengineering #exploitdev #infosec #xchglabs #pwn2own