vulnerabilities

North Korea APT Might Have Used a Mobile 0day Too?

Google TAG announced that a few profiles on Twitter were part of an APT campaign targeting security researchers. According to Google TAG, these threat actors are North Korean and they had multiple goals: establishing credibility by publishing well-thought-out blog posts, as well as interacting with researchers via direct messages and …

NTFS Remote Code Execution (CVE-2020-17096) Analysis

This is an analysis of the CVE-2020-17096 vulnerability published by Microsoft on December 12, 2020. The remote code execution vulnerability, assessed as Exploitation: “More Likely”, grabbed our attention among the last Patch Tuesday fixes.

Diffing ntfs.sys

Comparing the patched driver to the unpatched version with BinDiff, we saw that there’s only one changed function, NtfsOffloadRead. …

Remote iOS Attacks Targeting Journalists: More Than One Threat Actor?

ZecOps is proud to share that we detected multiple exploits by the threat actors that recently targeted Al Jazeera’s journalists before it was made public. The attack was automatically detected using ZecOps Mobile DFIR. In this blog post, we’ll share our analysis of the post-exploitation kernel panics observed on one of the targeted devices. Key …

Crash Analysis Series: An exploitable bug on Microsoft Teams ?! A Tale of One Bit

This is a story about a Microsoft Teams crash that we investigated recently. At first glance, it looked like a possible arbitrary code execution vulnerability, but after diving deeper we realized that there’s another explanation for the crash. TL;DR: ZecOps ingested and analyzed an event that seems exploitable on a Windows machine from Microsoft Teams …