ZecOps Research Team

Crash Reproduction Series: IE Developer Console UAF

During a DFIR investigation using ZecOps Crash Forensics on a developer’s computer, we encountered a consistent crash in Internet Explorer 11. The TL;DR is that although this bug is not exploitable, it presents an interesting expansion of the attack surface through the Developer Consoles in browsers. While examining the stack trace, we noticed a JavaScript …

ZecOps for Mobile DFIR 2.0 – Now Supporting iOS *AND* Android

ZecOps is excited to announce the release of ZecOps for Mobile 2.0, which includes full support for Android. With this release, ZecOps has extended its best-in-class automatic digital forensics capabilities to the two most widespread and important mobile operating systems in the world, iOS and Android. We see it in the news every day: sophisticated threat …

From a comment to a CVE: Content filter strikes again!

In the past few years, XNU has had a few vulns in newly added/changed code areas and in the content filter area, so it is no surprise that the combination of newly added code and a complex area (the content filter), along with a funny comment, caught our attention.

SMBleedingGhost Writeup Part III: From Remote Read (SMBleed) to RCE

Introduction. Previous SMBleedingGhost write-ups: Part I, Part II, Part III (this). In the previous part of the series, SMBleedingGhost Writeup Part II: Unauthenticated Memory Read – Preparing the Ground for an RCE, we described two techniques that allow us to read uninitialized memory from the pool buffers allocated by the SrvNetAllocateBuffer function of the srvnet.sys …
