2025: WE BROKE THINGS, WE BUILT THINGS, WE BROKE EVEN MORE THINGS
2025-12-27 Author: starlabs.sg

Most will talk about the success in their year-end posts. Great. Nobody talks about the failures. Nobody talks about what ACTUALLY happened.

Well, we are going to tell you about OUR STORY - the success AND the failures. The whole thing. Because that’s how we actually learn…from our own mistakes.

So here it is, UNFILTERED. Buckle up.


PWN2OWN 2025 BERLIN & IRELAND

We could only bring one of our interns, Gerrard Tai, along with us to Pwn2Own. Not to watch from the sidelines, but to COMPETE. He was right there with us, building exploit chains, debugging our team members’ code while under pressure and experiencing the absolute rush of pwning devices on the world stage.

In Pwn2Own 2025 Berlin, we walked away with our 2nd Master of Pwn.
Read more →

In Pwn2Own 2025 Ireland, we managed to pwn 2 devices along with many interns. We nearly got 3 entries if you read this. Read more →

When the exploits succeeded, some of us ugly cried internally. No shame about that.

OFF-BY-ONE CONFERENCE: ROUND 2, FIGHT!

Around 300 people showed up for our 2nd Edition of Off-By-One:

  • Probably Southeast Asia’s FIRST speedrun CTF (massive thanks to Riatre, Yudai Fujiwara and Li Jiantao for making this absolutely wild CTF)
  • Smart weighing machine hacking by Eugene Lim (your bathroom scale has secrets)
  • Lockpick contest by Locksports SG
  • CrackMe challenge by E-Shard
  • Range Village v1.0 by ASYNC Security Labs
  • Lanyard and electronic badge challenges by our team (even the conference swag was hackable)

A huge number of students got to attend the conference for FREE due to the generosity of ISD (Internal Security Department) and INTfinity (Thanks to Delaney Ng and Benjamin Tan).

The best part? Some speakers told us they didn’t need travel reimbursements. We asked if we could donate those funds to charity instead - they said yes! We did dollar-to-dollar matching and sent everything to Singapore Children’s Cancer Foundation. We don’t usually talk about monetary donations, but the goodwill from our speakers deserved to be shared.

There are incredible and generous people and Govt agencies in this community.

MSRC TOP 100

Two of our team members, Chen Le Qi and Cherie-Anne Lee, managed to be in Microsoft’s MSRC Top 100.
Read more →

CONFERENCE TALKS

We took our research around Asia this year:

Code Blue Japan - Presented TWO talks because one wasn’t enough. The jetlag was real but worth every minute.
Talk 1 →
Talk 2 →

HITCON - HITCON welcomed us and our team members delivered.
Read more →

CTF CHAOS: BECAUSE WE LIVE FOR THIS

Windows Exploitation Challenge - Built a Windows Exploitation challenge where the prize was a free ticket to Off-By-One Conference. That’s right, exploit your way into our event.
Read more →

Summer Pwnables - Summer is for pwning! We gave out cash prizes and copies of Eugene “Spaceraccoon” Lim’s “From Day Zero to Zero Day” book. Winners collected their books directly from Eugene at the National Library book launch AND received a limited edition spaceraccoon plushie. Those plushies are legit collector’s items now.
Read more →

Women in Tech Singapore - Hex Advent - The local Singapore women in tech community created 12 days of hacking challenges spread across the entire month of December with 0-days rest for the participants. 🎄 Each day brought a new challenge. No chocolate advent calendar here, just pure adrenaline cybersecurity goodness.
Read more →

We sponsored NanoSec Asia and RE//verse because we believe in supporting the security community. Honestly wanted to sponsor more conferences but we can’t due to budget constraints. Hopefully we can do more in 2026.
NanoSec →
RE//verse →

GIVING BACK (BECAUSE HACKERS HAVE HEARTS, NOT JUST BLACK HOODIES)

November 2024: Operation Happy Meals Drop - Rolled up to CPAS West School and gave EVERY single student and staff member a McDonald’s Happy Meal. Our first CSR mission and honestly? The smiles hit different. We found a vulnerability that day, turns out our hearts aren’t as hardened as our servers.
Read more →

Early 2025: Meals on Wheels Programme - All the team members in Singapore office distributed meals to people who needed them. Because hackers care about people, not just systems.
Read more →

Our philosophy? Exploit vulnerabilities in code, never in people.


💀 AND NOW, Our Epic Failures 💀

THE DEVICE GRAVEYARD

We bricked “Some” DEVICES along the way. An honestly embarrassing amount of hardware. Devices came in full of potential, left as expensive paperweights. IoT devices? More like IoT bricks or IoT Junkyard now.

RIP to all the silicon that sacrificed itself so we could learn what NOT to do. The real vulnerability was thinking we could do hardware research without casualties.

THE RESEARCH BLACK HOLES

Want to know what’s humbling? Spending MONTHS on a research path. Late nights. Digital Whiteboards covered with diagrams. Getting SO close you can taste success.

And then discovering it leads to absolutely nowhere.

🎵 97 research paths on the wall, 97 research paths,
Take one down, debug all night, no exploit in sight,
98 failed paths on the wall.

98 research paths on the wall, 98 research paths,
Take one down, debug all night, still nothing works right,
99 failed paths on the wall.
🎵

We are now experts in 99 different ways that things DON’T WORK. It’s like that drinking song, except we are collecting failed exploit chains instead of emptying bottles. Our research graveyard has more dead ends than we would like to admit. But that’s the reality of R&D - sometimes Research & Development becomes “Research & Destruction” or “Really Didn’t work as planned.” And that’s part of our learning process.

THE ACTUAL TAKEAWAY

Every bricked device taught us something valuable. Every research dead-end saved someone else months of wasted effort. Every missed deadline made us better at planning. Every failure got us closer to something that actually worked.

Behind the scenes, 2025 was messy and chaotic. There were definitely moments while debugging that we questioned our life choices. But we built community, supported students, pushed research forward, brought our interns to elite international competitions and created opportunities for others.

Special shoutout to our interns who competed at Pwn2Own alongside us. You are phenomenal and we are proud of you.


Source: https://starlabs.sg/blog/2025/12-2025-reflection/