During a Digital Forensics investigation, ZecOps made an interesting finding: a cheap burner device that purported to be an Android 10 was actually an old Android 6. In the first part of the series, we presented how attackers can ‘fake’…
Tag: ZecOps Blog
ZecOps Announces Support for Forensics Images Acquired by GrayShift
ZecOps is pleased to announce native support of mobile forensic images acquired with GrayKey. With the latest release, ZecOps is capable of digesting filesystem archives acquired by GrayKey, GrayShift’s flagship product, providing…
Persistence without “Persistence”: Meet The Ultimate Persistence Bug – “NoReboot”
Mobile Attacker’s Mindset Series – Part II. Evaluating how attackers operate when there are no rules leads to discoveries of advanced detection and response mechanisms. ZecOps is proudly researching scenarios of attacks…
How iOS Malware Can Spy on Users Silently
Welcome to the first post of our latest blog series: Mobile Attackers’ Mindset. In this blog series, we’re going to cover how mobile threat-actors think, and what techniques attackers use to overcome…
Use-After-Free in Voice Control: CVE-2021-30902 Write-up
By: 08Tc3wBB. Voice Control is a powerful feature introduced by Apple in iOS 13 and macOS Catalina. It acts as a substitute for all the touch gestures on the screen, letting you…
The Recent iOS 0-Click, CVE-2021-30860, Sounds Familiar. An Unreleased Write-up: One Year Later
TL;DR: ZecOps identified and reproduced an Out-Of-Bounds Write vulnerability that can be triggered by opening a malformed PDF. This vulnerability reminded us of the FORCEDENTRY vulnerability exploited by NSO/Pegasus according to the…
NSO Exploits Still Remain Mysterious: ZecOps Can Help You Fight Back
This weekend, the Guardian released a groundbreaking report that authoritarian governments have breached the mobile devices of human rights activists, journalists, and lawyers across the world, using hacking software sold by…
Threat Actors are Working Together. Defenders Should Collaborate Too!
We previously published that we suspected there was more than one threat actor targeting the Al-Jazeera journalists. Background: ZecOps discovered NSO attacks that targeted Al-Jazeera automatically using ZecOps Mobile EDR &…
Meet WiFiDemon – iOS WiFi RCE 0-Day Vulnerability, and a Zero-Click Vulnerability That Was Silently Patched
The TL;DR Version: ZecOps Mobile EDR Research team investigated whether the recently announced WiFi format-string bug in wifid was exploited in the wild. This research led us to interesting discoveries: Recently a…
New “Always-on” Application for MacOS (April updates)
As cyberattacks targeting mobile devices are on the rise, we continue to see massive adoption from both the private and public sectors. We are really excited to share two…
Introducing ZecOps Anti-Phishing Extension
Phishing is a common social engineering attack used by scammers to steal personal information, including authentication credentials and credit card numbers. Having been well known for more than 30 years, phishing…
ZecOps Announces The Formation of Defense Advisory Board and Appoints Former Commander of Unit 8200 Ehud Schneorson as Chairman
Ehud Schneorson to provide cyberdefense expertise and tactical guidance to the burgeoning mobile security startup, with additional appointments…
ZecOps Selected to Fast Company’s Most Innovative Companies for 2021
The mobile security startup is among the top-ranked companies in the Security category. ZecOps, the automated platform for discovering mobile cyber threats, has been named to…
North Korea APT Might Have Used a Mobile 0day Too?
Following Google TAG’s announcement that a few profiles on Twitter were part of an APT campaign targeting security researchers. According to Google TAG, these threat actors…
NTFS Remote Code Execution (CVE-2020-17096) Analysis
This is an analysis of the CVE-2020-17096 vulnerability published by Microsoft on December 12, 2020. The remote code execution vulnerability, assessed with Exploitation: “More Likely”, grabbed our attention among the…
Remote iOS Attacks Targeting Journalists: More Than One Threat Actor?
ZecOps is proud to share that we detected multiple exploits by the threat actors that recently targeted Al-Jazeera’s journalists before it was made public. The attack…
Crash Analysis Series: An exploitable bug on Microsoft Teams ?! A Tale of One Bit
This is a story about a Microsoft Teams crash that we investigated recently. At first glance, it looked like a possible…
Running code in the context of iOS Kernel: Part I + LPE POC on iOS 13.7
Abstract. Due to its popularity, iOS has attracted the attention of a large number of security researchers. Apple is constantly…
Exploring the Exploitability of “Bad Neighbor”: The Recent ICMPv6 Vulnerability (CVE-2020-16898)
At the Patch Tuesday on October 13, Microsoft published a patch and an advisory for CVE-2020-16898, dubbed “Bad Neighbor”, which was undoubtedly the highlight of…
Crash Reproduction Series: Microsoft Edge Legacy
During yet another Digital Forensics investigation using ZecOps Crash Forensics Platform, we saw a crash of the Legacy (pre-Chromium) Edge browser. The crash was caused by a NULL pointer dereference…
Crash Reproduction Series: IE Developer Console UAF
During a DFIR investigation using ZecOps Crash Forensics on a developer’s computer, we encountered a consistent crash on Internet Explorer 11. The TL;DR is that albeit this bug is…
ZecOps for Mobile DFIR 2.0 – Now Supporting iOS *AND* Android
ZecOps is excited to announce the release of ZecOps for Mobile 2.0, which includes full support for Android. With this release, ZecOps has extended its…
From a comment to a CVE: Content filter strikes again!
In the past few years XNU had a few vulns in newly added/changed code areas and in the content filter area, so it is no surprise…
SMBleedingGhost Writeup Part III: From Remote Read (SMBleed) to RCE
Introduction. Previous SMBleedingGhost write-ups: Part I, Part II, Part III (this). In the previous part of the series, SMBleedingGhost Writeup Part II: Unauthenticated Memory Read –…
SMBleedingGhost Writeup Part II: Unauthenticated Memory Read – Preparing the Ground for an RCE
Introduction. In our previous blog post, we demonstrated how the SMBGhost bug (CVE-2020-0796) can be exploited for local privilege escalation. A brief…
SMBleedingGhost Writeup: Chaining SMBleed (CVE-2020-1206) with SMBGhost
TL;DR: While looking at the vulnerable function of SMBGhost, we discovered another vulnerability: SMBleed (CVE-2020-1206). SMBleed allows leaking kernel memory remotely. Combined with SMBGhost, which was patched three…
Hidden demons? MailDemon Patch Analysis: iOS 13.4.5 Beta vs. iOS 13.5
Summary and TL;DR: Further to Apple’s patch of the MailDemon vulnerability (see our blog here), ZecOps Research Team has analyzed and compared the MailDemon patches…
Seeing (Mail)Demons? Technique, Triggers, and a Bounty
Impact & Key Details (TL;DR): Demonstrate a way to do a basic heap spray. We were able to use this technique to verify that this vulnerability is exploitable.…