The history of humanity’s domestication of wolves has spanned forty thousand years – we used firelight and patience to soften the wildness in their eyes, transforming their fangs into the loyalty that guards our homes. When various robot dogs created by America’s Boston Dynamics and China’s Unitree Robotics leap and flip gracefully under the spotlight, this ancient symbiotic relationship seems to take on a new meaning in the cyber age: trust that once required thousands of years of ge...| DARKNAVY
Both the Attackers and Victims Made Critical Mistakes --- On February 21, 2025, the cryptocurrency exchange Bybit experienced the most significant financial loss in Web3 history when nearly $1.5 billion was illicitly transferred from its multi-signature wallet by North Korean threat actors. The DARKNAVY team has been closely monitoring security developments within the Web3 ecosystem. Following the Bybit incident, we conducted a reconstruction of the attack, analyzing it from the perspectives ...
In the era of mobile internet, user traffic is the lifeline of manufacturers. In this battle for traffic, smartphone manufacturers hold the most overwhelming advantage — ultimate control over the operating system. By deeply customizing AOSP, manufacturers not only gain precise control over user and app activities but can even manipulate and interfere with user choices. Ordinarily, few companies would choose to violate regulations and abuse their privileges to harm consumers. However, in 202...
In the field of cybersecurity, vulnerability disclosure has long been regarded as a crucial step in safeguarding users. However, in practice, this process is fraught with controversy and contradictions. What truly constitutes “responsible disclosure”? When vendors dominate the public release of information and patch deployment, while security researchers invest substantial time and energy in negotiations, can this model still fulfill its intended purpose of protecting user security? In an...
In the increasingly intense offense and defense confrontation of 2024, security software has always been regarded as an important cornerstone of the corporate security defense line. However, this security software itself may also have vulnerabilities and could be exploited by attackers as a springboard for intrusions that harm users. Over the years, incidents caused by security software have raised a question — can security software really be trusted? The following is the eighth article...
In recent years, the evolution of vulnerabilities and defense techniques has been continuous, moving from the days when a simple stack overflow could compromise a system to the present day, where sophisticated techniques are necessary to bypass multiple layers of defense. The “shield” and the “spear” are in dynamic confrontation: whenever new defense measures are introduced, new attack methods emerge in response. The enhancement of defense mechanisms compels attackers to seek out new vulner...
Does open source guarantee that there are no backdoors? At the 1983 Turing Award ceremony, Ken Thompson raised this question. As one of only three legends to win the Turing Award before the age of 40, he demonstrated how to hack Unix systems compiled from harmless source code by implanting backdoors in compilers, a tale still frequently cited by hackers to this day. In 2024, the XZ backdoor incident resurfaced this question. Right under the nose of the open-source community, attackers successfu...
At the beginning of 2025, the five-year “Siri Eavesdropping Scandal” finally came to an end. Apple settled a class-action lawsuit with the plaintiffs for $95 million. This well-known privacy case started when users accused Siri of accidentally capturing and recording their everyday conversations without permission, and leaking the data to third-party advertisers. Even though Apple firmly denied these claims, public concern over privacy security is growing day by day. Now, we share massive...
Under the collective efforts of security researchers and increasingly stringent security mitigations, most memory vulnerabilities have been nipped in the bud. Is it time to declare memory vulnerabilities a thing of the past? In July 2024, a “nuclear bomb” from the Windows camp shattered the illusion of security. We can’t help but ask: When faced with threats from memory, just how much can the walls in front of us really defend against?
2023 was the dawn of generative AI and large language models, which output content in unprecedented ways. In 2024, a large number of AI agents emerged, expanding the capabilities of LLMs, driving more widespread tool usage, and extending their application to more fields. For security researchers, how to leverage AI to improve work efficiency, and even drive AI to think, analyze, and find vulnerabilities like humans, has become a key topic.
Since the early 2000s, attacks based on browser vulnerabilities have remained a mainstream, effective, and versatile attack method. The following is the second article from the “DARKNAVY INSIGHT | 2024 Annual Security Report”. According to the latest report from market research firm Statcounter, Chrome has unquestionably secured its position as the most dominant browser in terms of market share. Chrome is renowned for its exceptional security, with the Google security team continuously re...
In the “DARKNAVY INSIGHT | 2023 Annual Security Report”, we noted: “As we stand on the precipice of the next decade, 2023 will undoubtedly be a year of profound transformation. The deployment of new defense mechanisms and the rise of novel attack technologies will fundamentally reshape the digital security landscape.” The year 2024 arrived like a swift gust of wind, only to fade away like a brief storm. The AI revolution, breakthroughs in mobile operating systems, and challenges in su...
We are DARKNAVY, an independent and free-spirited security research team and service provider. We have established AVSS (Adversarial Vulnerability Scoring System) to evaluate vulnerabilities and the effectiveness of system mitigation mechanisms in real adversarial environments. Over the past 20 years, we have been at the forefront of cybersecurity research and application, winning multiple world championships. We have also established GEEKCON, a unique and top-class security geek competition,...
In 2024, Web3 security incidents caused by private key leaks have surged, resulting in estimated financial losses exceeding $855 million. Private keys function as the sole credentials for blockchain accounts, controlling access to all associated on-chain assets like cryptocurrencies and NFTs. Due to the decentralized nature of blockchain, losing the private key means permanently losing account control, while leakage typically results in asset theft. Hardware wallets, utilizing techniques like...
As logistics drones weave through buildings and surveying equipment delineates urban landscapes, the capillaries of the low-altitude economy are sketching the future with millimeter-level precision. DARKNAVY consistently focuses on the construction and breaching of drone security defenses. In this research, we discovered a fatal exploit chain in DJI remote control devices, leading to the complete compromise of the security defenses within the DJI remote controller. How can we assist industry ...
In May of this year, we noticed that Chrome fixed a V8 vulnerability that was being exploited in the wild in this update. We quickly pinpointed the fix for this vulnerability and discovered that it was a rare bug in the Parser module, which piqued our interest greatly. This led to the following research. From Patch to PoC First, let’s take a look at the patch for this vulnerability: diff --git a/src/ast/scopes.cc b/src/ast/scopes.cc index 660fdd2e9ad..de4df35c0ad 100644 --- a/src/ast/scopes...
Introduction The Chromium Embedded Framework (CEF) is an open-source framework that allows developers to embed the Chromium engine in their applications. Although CEF is widely employed in a range of popular software, including WeChat and the Epic Games Launcher, there has been little security research on it. In this article, we will use the Steam Client Browser (a CEF-based application) as an example to present the vulnerabilities we found and how we exploited them to build three Remote Code...
As consumers, when faced with five different brands and models of smartphones or ten different smart cars, it’s difficult for us to determine which one can effectively prevent our privacy from being stolen or maliciously accessed, such as our location or even our conversations inside the car being listened to. Even as ordinary consumers, we currently have no way of knowing. As technology professionals who have long studied APT (Advanced Persistent Threat) attacks, we understand that these devices c...
Introduction In 2018, with the release of ARMv8.5-A, a brand-new chip security feature, MTE (Memory Tagging Extensions), emerged. Five years later, in 2023, the first smartphone to support this feature was released — Google Pixel 8 — marking the official entry of MTE into the consumer market. Although this feature is not yet enabled by default, developers can turn it on themselves for testing. As a powerful defense against memory corruption, there has not yet been a comprehensive analysis o...
Introduction When we examine a third-party library vulnerability in a real environment, we often encounter numerous complex variables that exist within the vulnerability’s context. Exploiting such a vulnerability is not as easy as one might imagine. Here is the information we know: The overflowed variable huffman_tables, has a size of 0x2f28. The heap chunk is allocated in the renderer’s ThreadPool, while most objects are allocated in the main thread. We can write a partially controlled 4...
I think the human race has no future if it doesn’t go to space. —— Stephen Hawking Starlink is a low Earth orbit (LEO) satellite internet service provided by SpaceX. Users connect to near-Earth orbit satellites through a user terminal, which then connects to the internet via ground gateways. As the new generation of satellites gradually incorporates laser links, some satellites can communicate with each other via laser. This both reduces reliance on ground stations and improves transmis...