Research Lab
+44 20 3996 1505

Research Lab

Expert Insights on Penetration Testing, PCI DSS, Web3 Security & Emerging Threats

Book A Consultation arrow Free 30-min session with our management team

Research Lab

Our research lab is a core element of our work, dedicated to advancing security through collaboration with the wider security research community. We focus on everyday technologies that affect large numbers of people, with recent attention on mobile communication and payment systems. Our mission is to address vulnerabilities before they can be exploited, and where this is not possible, to openly discuss flaws to raise awareness.

The lab operates as an open collective of like-minded innovators. If you are interested in our projects or wish to collaborate, we encourage you to reach out.

  • Review of an application to vulnerabilities

  • Creation of Proof of Concept exploits

  • Contact the manufacturer

  • Wait for the manufacturer's feedback

  • Where appropriate, functional patches addressing the vulnerabilities will be delivered

  • If the manufacturer provides safety instructions, a patch for the vulnerability will be published

In the following section you will find a list of some of our findings

img

Google Chrome 109.0.5414.74

Unsafe Library Load

Details
img

Turtlapp Turtle Note v0.7.2.6

HTML injection

Details
img

QNAP Device

Path Traversal

Details
img

DuckDuckGo

7.64.4

Details
img

Parallels Plesk Panel

9.5

Details
img

Poking A Hole In Whitelist For Bypassing Firewall

Firewall Bypass

Details
img

Bypassing Browser Security Policies For Fun And Profit

Browser Security Bypass

Details
img

Microsoft Internet Explorer 11 XSS Filter Bypass

XSS Filter Bypass

Details
img

Drupal

8.0.x-dev

Cross Site Scripting

Details
img

Shell Shock Auto Exploitation Script

Shellshock Vulnerability

Details
img

Maxthon Browser

Address Bar Spoofing

Details
img

CM Browser

SOP Bypass

Details
img

Google Chrome 36.0

XSS Auditor Bypass

Details
img

Android Browser

Same Origin Policy Bypass

Details
img

HTML5 Modern Day Attack And Defiance Vectors

Whitepaper called HTML5 Modern Day Attack and Defence Vectors

Details
img

WordPress TimThumb Finder
1.0 Beta

This is a python script that scans a webserver for timthumb.php

Details
img

Laravel Security

XSS Filter Bypass

Details
img

WordPress Infocus Theme

Cross Site Scripting

Details
img

phpMyRecipes 1.x.x XSS / CSRF / SQL Injection

phpMyRecipes version 1.x.x suffers from XSS, CSRF, SQL Injection vulnerabilities.

Details
img

Bypassing Modern Web Application Firewalls

WAF Bypass

Details
img

Joomla Flexi content

Remote Code Execution

Details
img

phpThumb 1.7.12

Server Side Request Forgery

Details
img

Joomla JMultimedia

Command Execution

Details
img

WordPress Pretty Photo

Cross Site Scripting

Details
img

Eclipse.org

SQL Injection

Details
img

OWASP Java Encoder

Filter Bypass

Details
img

Google Chrome 31.0

Webkit Auditor Bypass

Details
img

Mental JS Sandbox Bypass

Sandbox Bypass

Details
img

Modsecurity

Cross Site Scripting Bypass

Details
Active incident

Need incident response support?

If you have an active security incident, ransomware, business email compromise, suspected data exfiltration, web compromise, our senior IR consultants can engage same-day. Retainer clients use the priority channel agreed in scoping.

Call +44 20 3996 1505 About our IR retainer

You have Questions, We have Answers

RedSecLabs provides various cybersecurity services, including cybersecurity posture assessments, threat risk assessments, security gap assessments, vulnerability assessments, privacy risk assessments, cybersecurity architecture assessments, ransomware preparedness assessments, and more.

RedSecLabs offers web app pentesting, network pentesting, mobile app pentesting, API pentesting, and cloud penetration testing for platforms like AWS and GCP.

RedSecLabs focuses on manual penetration testing techniques performed by experienced security specialists, ensuring a deep understanding of business logic and uncovering vulnerabilities that automated scanners might miss.

Yes, RedSecLabs offers 24/7 incident assistance and security crisis support, including malware removal and incident analysis services.

RedSecLabs provides ISO 27001 certification preparation, PCI-DSS readiness assessments, and cybersecurity due diligence assessments.

Yes, RedSecLabs offers virtual CISO services, including cybersecurity strategy and roadmap development, policy and standards creation, and architecture and roadmap planning.

Our Incident Response practice covers ransomware preparedness assessment, SOC maturity assessment, and the incident response retainer. These are consulting assessments and pre-arranged response engagements, not managed services.

RedSecLabs employs hand-picked industry experts and senior security specialists for their services, adhering to international standards and best practices in cybersecurity.
Call us Book a call