Advanced Security Research

DEFION Research Labs.

DEFION Research Labs blends cutting-edge security research with real-time threat intelligence to stay ahead of modern adversaries. Our mission goes beyond technology: we actively contribute to societal security through public–private collaboration, ensuring our insights deliver real-world impact.

Articles

Pwn2Own

NMR

No More Ransom

Follow research labs updates

All research

Malware

25 July 2024

DoNex/DarkRace Ransomware Decryptor

Read →

Windows

14 June 2024

CVE-2024-20693: Windows cached code signature manipulation

Read →

iOS & macOS

5 April 2024

Bringing process injection into view(s): exploiting all macOS apps using nib fil...

Read →

iOS & macOS

13 October 2023

Process injection: breaking all macOS security layers with a single vulnerabilit...

Read →

Pwn2Own

22 July 2022

Pwn2Own Miami 2022: Inductive Automation Ignition Remote Code Execution

Read →

Pwn2Own

19 July 2022

Pwn2Own Miami 2022: OPC UA .NET Standard Trusted Application Check Bypass

Read →

Cryptography

3 February 2022

CoronaCheck App TLS certificate vulnerabilities

Read →

iOS & macOS

21 December 2021

Sandbox escape + privilege escalation in StorePrivilegedTaskService

Read →

App Security

14 December 2021

Proctorio Chrome extension Universal Cross-Site Scripting

Read →

Pwn2Own

23 August 2021

Zoom RCE from Pwn2Own 2021

Read →

iOS & macOS

7 October 2020

iOS VPN support: 3 different bugs

Read →

iOS & macOS

1 July 2020

Sign in with Apple - authentication bypass

Read →

DevOps

30 January 2020

Jenkins - authentication bypass

Read →

Cryptography

25 November 2019

DNS rebinding for HTTPS

Read →

DevOps

4 July 2019

Spring Security - insufficient cryptographic randomness

Read →

Network

14 August 2018

XenServer - path traversal leading to authentication bypass

Read →

App Security

19 July 2018

Volkswagen Auto Group MIB infotainment system - unauthenticated remote code exec...

Read →

DevOps

12 July 2017

NAPALM - command execution on NAPLM controller from host

Read →

DevOps

25 April 2017

MySQL Connector/J - Unexpected deserialisation of Java objects

Read →

DevOps

9 January 2017

Ansible - command execution on Ansible controller from host

Read →

Network

10 November 2016

Observium - unauthenticated remote code execution

Read →

Cryptography

18 August 2016

cSRP/srpforjava - obtaining of hashed passwords

Read →

Cryptography

30 June 2016

StartEncrypt - obtaining valid SSL certificates for unauthorized domains

Read →

Background: actively powered by DEFION, driven by impact

DEFION Research Labs grew out of DEFION's earlier internal research initiatives, a space where pentesters and security engineers developed new ideas, explored technologies they were passionate about, and contributed to projects with societal value. These early efforts accelerated innovation inside DEFION and helped our specialists grow beyond their day-to-day assignments.

By 2020, our ambitions had surpassed what part-time research could achieve. To stay ahead of evolving threats, and to meaningfully contribute to the broader security ecosystem, we committed dedicated time, people, and resources to full-scale research and intel gathering.

Projects & Contact

All of our published research projects can be found on this site. We are always working on new research, which will be published here when possible.

If you would like to contact us, you can find our contact details on our contact page. For example if you have an interesting research proposal for us, or if you would like to find out if we would be available to give a presentation at your security conference or event. For tours and visiting we are open for students or fellow researchers.

Interested in our research?

[email protected]

Contact Research Labs Responsible Disclosure

DEFION Research Labs.

All research

DoNex/DarkRace Ransomware Decryptor

CVE-2024-20693: Windows cached code signature manipulation

Bringing process injection into view(s): exploiting all macOS apps using nib fil...

Don’t Talk All at Once! Elevating Privileges on macOS by Audit Token Spoofing

Adobe Acrobat privilege escalation

Getting SYSTEM on Windows in style

Technical analysis of the Genesis Market

Bad things come in large packages: .pkg signature verification bypass on macOS

Pwn2Own Miami 2022: ICONICS GENESIS64 Arbitrary Code Execution

Pwn2Own Miami 2022: Unified Automation C++ Demo Server DoS

Pwn2Own Miami 2022: AVEVA Edge Arbitrary Code Execution

Process injection: breaking all macOS security layers with a single vulnerabilit...

Pwn2Own Miami 2022: Inductive Automation Ignition Remote Code Execution

Pwn2Own Miami 2022: OPC UA .NET Standard Trusted Application Check Bypass

CoronaCheck App TLS certificate vulnerabilities

Sandbox escape + privilege escalation in StorePrivilegedTaskService

Proctorio Chrome extension Universal Cross-Site Scripting

Zoom RCE from Pwn2Own 2021

iOS VPN support: 3 different bugs

Sign in with Apple - authentication bypass

Jenkins - authentication bypass

DNS rebinding for HTTPS

Spring Security - insufficient cryptographic randomness

XenServer - path traversal leading to authentication bypass

Volkswagen Auto Group MIB infotainment system - unauthenticated remote code exec...

NAPALM - command execution on NAPLM controller from host

MySQL Connector/J - Unexpected deserialisation of Java objects

Ansible - command execution on Ansible controller from host

Observium - unauthenticated remote code execution

cSRP/srpforjava - obtaining of hashed passwords

StartEncrypt - obtaining valid SSL certificates for unauthorized domains

Background: actively powered by DEFION, driven by impact

Projects & Contact

Interested in our research?