ZecOps Research Team
Latest News

Crash Reproduction Series: IE Developer Console UAF
During a DFIR investigation, using ZecOps Crash Forensics on a developer’s computer we encountered a consistent crash on Internet Explorer 11. The TL;DR is that

ZecOps for Mobile DFIR 2.0 – Now Supporting iOS *AND* Android
ZecOps is excited to announce the release of ZecOps for Mobile 2.0, which includes full support for Android. With this release, ZecOps has extended its

From a comment to a CVE: Content filter strikes again!
In the past few years XNU has had a few vulnerabilities in newly added or changed code areas and in the content filter area, so it is no surprise that the combination of newly added code and a complex area (the content filter), alongside a funny comment, caught our attention.

SMBleedingGhost Writeup Part III: From Remote Read (SMBleed) to RCE
Introduction Previous SMBleedingGhost write-ups: Part I Part II Part III (this) In the previous part of the series, SMBleedingGhost Writeup Part II: Unauthenticated Memory Read

SMBleedingGhost Writeup Part II: Unauthenticated Memory Read – Preparing the Ground for an RCE
Introduction In our previous blog post, we demonstrated how the SMBGhost bug (CVE-2020-0796) can be exploited for local privilege escalation. A brief reminder: CVE-2020-0796, also

SMBleedingGhost Writeup: Chaining SMBleed (CVE-2020-1206) with SMBGhost
TL;DR While looking at the vulnerable function of SMBGhost, we discovered another vulnerability: SMBleed (CVE-2020-1206). SMBleed allows leaking kernel memory remotely. Combined with SMBGhost,
