ZecOps Blog
Hear the news first
Exploiting SMBGhost (CVE-2020-0796) for a Local Privilege Escalation: Writeup + POC
Introduction CVE-2020-0796 is a bug in the compression mechanism of SMBv3.1.1, also known as “SMBGhost”. The bug affects Windows 10 versions 1903 and 1909, and it was announced and patched by Microsoft about three weeks ago. Once we heard about it, we...
Vulnerability Reproduction: CVE-2020-0796 POC
CVE-2020-0796 Introduction Microsoft recently announced a bug in the compression mechanism of SMBv3.1.1. The bug is also known as “SMBGhost”. This bug has serious implications in managed networks. Windows 10 versions 1903 and 1909 are affected. Lucas...
ZecOps Task-For-Pwn 0 Bounty: TFP0 POC on PAC-Enabled iOS Devices <= 12.4.2 #FreeTheSandbox
ZecOps Task-For-Pwn 0 Bounty: TFP0 POC on PAC-Enabled iOS Devices <= 12.4.2...
Checkm8 Implications on iOS DFIR, TFP0, #FreeTheSandbox, Apple, and Google
Thanks to Checkm8 – a bootrom vulnerability that exist on most iPhones/iPads (<A12), a generic method to bypass the iOS sandbox restrictions will be made public within days/weeks for all previous and future versions of iOS! An upcoming release of a...
Announcing Task For Pwn 0 (TFP0): Operation #FreeTheSandbox
Announcing Task For Pwn 0 (TFP0): Operation...
Content-Filter Strikes Back: Yet Another (Silently Patched) MacOS / iOS Kernel Use-After-Free
Introduction As we were investigating anomalies on Mobile Device Management (MDM) devices, ZecOps MacOS / iOS DFIR analysis revealed yet another vulnerability that is applicable only to managed devices. As far as we are aware, similarly to the previous...
