ZecOps Research Team
Latest News
SMBleedingGhost Writeup Part III: From Remote Read (SMBleed) to RCE
Introduction Previous SMBleedingGhost write-ups: Part I Part II Part III (this) In the previous part of the series, SMBleedingGhost Writeup Part II: Unauthenticated Memory Read
SMBleedingGhost Writeup Part II: Unauthenticated Memory Read – Preparing the Ground for an RCE
Introduction In our previous blog post, we demonstrated how the SMBGhost bug (CVE-2020-0796) can be exploited for local privilege escalation. A brief reminder: CVE-2020-0796, also
SMBleedingGhost Writeup: Chaining SMBleed (CVE-2020-1206) with SMBGhost
TL;DR While looking at the vulnerable function of SMBGhost, we discovered another vulnerability: SMBleed (CVE-2020-1206). SMBleed allows to leak kernel memory remotely. Combined with SMBGhost,
Hidden demons? MailDemon Patch Analysis: iOS 13.4.5 Beta vs. iOS 13.5
Summary and TL;DR Further to Apple’s patch of the MailDemon vulnerability (see our blog here), ZecOps Research Team has analyzed and compared the MailDemon patches
Seeing (Mail)Demons? Technique, Triggers, and a Bounty
Impact & Key Details (TL;DR) Demonstrate a way to do a basic heap spray We were able to use this technique to verify that this
You’ve Got (0-click) Mail!
Updates We published another writeup: https://blog.zecops.com/vulnerabilities/seeing-maildemons-technique-triggers-and-a-bounty/ The vulnerability affected even the first iPhone (aka iPhone 1 / iPhone 2G) on iOS 3.1.3. First in-the-wild trigger
SMBleedingGhost Writeup Part III: From Remote Read (SMBleed) to RCE
Introduction Previous SMBleedingGhost write-ups: Part I Part II Part III (this) In the previous part of the series, SMBleedingGhost Writeup Part II: Unauthenticated Memory Read
SMBleedingGhost Writeup Part II: Unauthenticated Memory Read – Preparing the Ground for an RCE
Introduction In our previous blog post, we demonstrated how the SMBGhost bug (CVE-2020-0796) can be exploited for local privilege escalation. A brief reminder: CVE-2020-0796, also
SMBleedingGhost Writeup: Chaining SMBleed (CVE-2020-1206) with SMBGhost
TL;DR While looking at the vulnerable function of SMBGhost, we discovered another vulnerability: SMBleed (CVE-2020-1206). SMBleed allows to leak kernel memory remotely. Combined with SMBGhost,
Hidden demons? MailDemon Patch Analysis: iOS 13.4.5 Beta vs. iOS 13.5
Summary and TL;DR Further to Apple’s patch of the MailDemon vulnerability (see our blog here), ZecOps Research Team has analyzed and compared the MailDemon patches
Seeing (Mail)Demons? Technique, Triggers, and a Bounty
Impact & Key Details (TL;DR) Demonstrate a way to do a basic heap spray We were able to use this technique to verify that this
You’ve Got (0-click) Mail!
Updates We published another writeup: https://blog.zecops.com/vulnerabilities/seeing-maildemons-technique-triggers-and-a-bounty/ The vulnerability affected even the first iPhone (aka iPhone 1 / iPhone 2G) on iOS 3.1.3. First in-the-wild trigger
