Category: ZecOps Blog

During a Digital Forensics investigation, ZecOps made an interesting finding: a cheap burner device that purported to be an Android 10 was actually an old Android 6. In the first part of the series, we presented how attackers can ‘fake’…

Read more →

This article has been indexed from ZecOps Blog ZecOps is pleased to announce native support of mobile forensic images acquired with Graykey. With the latest release, ZecOps is capable of digesting filesystem archives acquired by GrayKey, GrayShift’s flagship product, providing…

Read more →

This article has been indexed from ZecOps Blog ZecOps is pleased to announce native support of mobile forensic images acquired with Graykey. With the latest release, ZecOps is capable of digesting filesystem archives acquired by GrayKey, GrayShift’s flagship product, providing…

Read more →

This article has been indexed from ZecOps Blog Mobile Attacker’s Mindset Series – Part II Evaluating how attackers operate when there are no rules leads to discoveries of advanced detection and response mechanisms. ZecOps is proudly researching scenarios of attacks…

Read more →

This article has been indexed from ZecOps Blog Welcome to the first post of our latest blog series: Mobile Attackers’ Mindset In this blog series, we’re going to cover how mobile threat-actors think, and what techniques attackers use to overcome…

Read more →

This article has been indexed from ZecOps Blog Welcome to the first post of our latest blog series: Mobile Attackers’ Mindset In this blog series, we’re going to cover how mobile threat-actors think, and what techniques attackers use to overcome…

Read more →

This article has been indexed from ZecOps Blog By: 08Tc3wBB Voice Control is a powerful feature introduced by Apple in iOS 13 and macOS Catalina. It acts as a substitute for all the touch gestures on the screen, letting you…

Read more →

This article has been indexed from ZecOps Blog TLDR; ZecOps identified and reproduced an Out-Of-Bounds Write vulnerability that can be triggered by opening a malformed PDF. This vulnerability reminded us of the FORCEDENTRY vulnerability exploited by NSO/Pegasus according to the…

Read more →

This article has been indexed from ZecOps Blog This weekend, the Guardian released a groundbreaking report that authoritarian governments have breached the mobile devices of human rights activists, journalists, and lawyers across the world, using a hacking software sold by…

Read more →

This article has been indexed from ZecOps Blog This weekend, the Guardian released a groundbreaking report that authoritarian governments have breached the mobile devices of human rights activists, journalists, and lawyers across the world, using a hacking software sold by…

Read more →

This article has been indexed from ZecOps Blog We previously published that we suspected that there were more than one threat actor targeting the Al-Jazeera journalists. Background ZecOps discovered NSO attacks that targeted Al-Jazeera automatically using ZecOps Mobile EDR &…

Read more →

This article has been indexed from ZecOps Blog The TL;DR Version: ZecOps Mobile EDR Research team investigated if the recently announced WiFi format-string bug in wifid was exploited in the wild.  This research led us to interesting discoveries: Recently a…

Read more →

Read the original article: New “Always-on” Application for MacOS (April updates) As cyberattacks targeting mobile devices are on the rise, we continue to see massive adoption from both the private and public sectors. We are really excited to share two…

Read more →

Read the original article: Introducing ZecOps Anti-Phishing Extension Phishing is a common social engineering attack that is used by scammers to steal personal information, including authentication credentials and credit card numbers. Being well known for more than 30 years, phishing…

Read more →

Read the original article: ZecOps Announces The Formation of Defense Advisory Board and Appoints Former Commander of Unit 8200 Ehud Scneorson as Chairman Ehud Schneourson to provide cyberdefense expertise and tactical guidance to burgeoning mobile security startup, with additional appointments…

Read more →

Read the original article: ZecOps Selected to Fast Company’s Most Innovative Companies for 2021 The mobile security startup is among the top-ranked companies in the Security category ZecOps, the automated platform for discovering mobile cyber threats has been named to…

Read more →

Read the original article: North Korea APT Might Have Used a Mobile 0day Too? Following Google TAG announcement that a few profiles on twitter, were part of an APT campaign targeting security Researchers. According to Google TAG, these threat actors…

Read more →

Read the original article: NTFS Remote Code Execution (CVE-2020-17096) Analysis This is an analysis of the CVE-2020-17096 vulnerability published by Microsoft on December 12, 2020. The remote code execution vulnerability assessed with Exploitation: “More Likely”,  grabbed our attention among the…

Read more →

Read the original article: Remote iOS Attacks Targeting Journalists: More Than One Threat Actor? ZecOps is proud to share that we detected multiple exploits by the threat actors that recently targeted Aljazeera’s journalists before it was made public. The attack…

Read more →

Read the original article: Crash Analysis Series: An exploitable bug on Microsoft Teams ?! A Tale of One Bit This is a story about a Microsoft Teams crash that we investigated recently. At first glance, it looked like a possible…

Read more →

Read the original article: Running code in the context of iOS Kernel: Part I + LPE POC on iOS 13.7 Abstract.  Due to its popularity, iOS has attracted the attention of a large number of security researchers.  Apple is constantly…

Read more →

Read the original article: Exploring the Exploitability of “Bad Neighbor”: The Recent ICMPv6 Vulnerability (CVE-2020-16898) At the Patch Tuesday on October 13, Microsoft published a patch and an advisory for CVE-2020-16898, dubbed “Bad Neighbor”, which was undoubtedly the highlight of…

Read more →

Read the original article: Crash Reproduction Series: Microsoft Edge Legacy During yet another Digital Forensics investigation using ZecOps Crash Forensics Platform, we saw a crash of the Legacy (pre-Chromium) Edge browser. The crash was caused by a NULL pointer dereference…

Read more →

Read the original article: Crash Reproduction Series: Microsoft Edge Legacy NULL Pointer Dereference During yet another Digital Forensics investigation using ZecOps Crash Forensics Platform, we saw a crash of the Legacy (pre-Chromium) Edge browser. The crash was caused by a…

Read more →

Read the original article: Crash Reproduction Series: IE Developer Console UAF During a DFIR investigation, using ZecOps Crash Forensics on a developer’s computer we encountered a consistent crash on Internet Explorer 11. The TL;DR is that albeit this bug is…

Read more →

Read the original article: Crash Reproduction Series: IE Developer Console UAF During a DFIR investigation, using ZecOps Crash Forensics on a developer’s computer we encountered a consistent crash on Internet Explorer 11. The TL;DR is that albeit this bug is…

Read more →

Read the original article: ZecOps for Mobile DFIR 2.0 – Now Supporting iOS *AND* Android ZecOps is excited to announce the release of ZecOps for Mobile 2.0, which includes full support for Android. With this release, ZecOps has extended its…

Read more →

Read the original article: From a comment to a CVE: Content filter strikes again! In the past few years XNU had few vulns in a newly added/changed code areas and in the content filter area so it is no surprise…

Read more →

Read the original article: SMBleedingGhost Writeup Part III: From Remote Read (SMBleed) to RCE Introduction Previous SMBleedingGhost write-ups:  Part I Part II Part III (this) In the previous part of the series, SMBleedingGhost Writeup Part II: Unauthenticated Memory Read –…

Read more →

Read the original article: SMBleedingGhost Writeup Part II: Unauthenticated Memory Read – Preparing the Ground for an RCE Introduction In our previous blog post, we demonstrated how the SMBGhost bug (CVE-2020-0796) can be exploited for local privilege escalation. A brief…

Read more →

Read the original article: SMBleedingGhost Writeup: Chaining SMBleed (CVE-2020-1206) with SMBGhost TL;DR While looking at the vulnerable function of SMBGhost, we discovered another vulnerability: SMBleed (CVE-2020-1206). SMBleed allows to leak kernel memory remotely. Combined with SMBGhost, which was patched three…

Read more →

Read the original article: SMBleedingGhost Writeup: Chaining SMBleed (CVE-2020-1206) with SMBGhost TL;DR While looking at the vulnerable function of SMBGhost, we discovered another vulnerability: SMBleed (CVE-2020-1206). SMBleed allows to leak kernel memory remotely. Combined with SMBGhost, which was patched three…

Read more →

Read the original article: Hidden demons? MailDemon Patch Analysis: iOS 13.4.5 Beta vs. iOS 13.5 Summary and TL;DR Further to Apple’s patch of the MailDemon vulnerability (see our blog here), ZecOps Research Team has analyzed and compared the MailDemon patches…

Read more →

Read the original article: Seeing (Mail)Demons? Technique, Triggers, and a Bounty Impact & Key Details (TL;DR) : Demonstrate a way to do a basic heap spray We were able to use this technique to verify that this vulnerability is exploitable.…

Read more →

Read the original article: Seeing Mail(Demons)? Technique, Triggers, and a Bounty Impact & Key Details (TL;DR) : Demonstrate a way to do a basic heap spray We were able to use this technique to verify that this vulnerability is exploitable.…

Read more →