Category: ZecOps Blog

How iOS Malware Can Spy on Users Silently

Welcome to the first post of our latest blog series: Mobile Attacker’s Mindset. In this blog series, we’re going to cover how mobile threat actors think, and what techniques attackers use to overcome security protections and indications that our phones and…

ZecOps Announces Support for Forensics Images Acquired by GrayShift

ZecOps is pleased to announce native support for mobile forensic images acquired with GrayKey. With the latest release, ZecOps is capable of digesting filesystem archives acquired by GrayKey, Grayshift’s flagship product, providing cybersecurity insights and automatic analysis for ZecOps customers…

Introducing ZecOps Anti-Phishing Extension

Phishing is a common social engineering attack that is used by scammers to steal personal information, including authentication credentials and credit card numbers. Having been well known for more than 30 years, phishing…

North Korea APT Might Have Used a Mobile 0day Too?

Following Google TAG’s announcement that a few profiles on Twitter were part of an APT campaign targeting security researchers. According to Google TAG, these threat actors…

NTFS Remote Code Execution (CVE-2020-17096) Analysis

This is an analysis of the CVE-2020-17096 vulnerability published by Microsoft on December 12, 2020. The remote code execution vulnerability, assessed with Exploitation: “More Likely”, grabbed our attention among the…

Crash Reproduction Series: Microsoft Edge Legacy

During yet another Digital Forensics investigation using the ZecOps Crash Forensics Platform, we saw a crash of the Legacy (pre-Chromium) Edge browser. The crash was caused by a NULL pointer dereference…

Crash Reproduction Series: IE Developer Console UAF

During a DFIR investigation using ZecOps Crash Forensics on a developer’s computer, we encountered a consistent crash on Internet Explorer 11. The TL;DR is that albeit this bug is…

SMBleedingGhost Writeup: Chaining SMBleed (CVE-2020-1206) with SMBGhost

TL;DR: While looking at the vulnerable function of SMBGhost, we discovered another vulnerability: SMBleed (CVE-2020-1206). SMBleed allows leaking kernel memory remotely. Combined with SMBGhost, which was patched three…