Neuigkeiten
Die neusten Veröffentlichungen von modzero.
Blog
- RESEARCH
Please Do Not Hack Me - The Tale of a TeamSpeak Use-After-Free
3. Juni 2026
Root cause analysis of a heap use-after-free vulnerability in the TeamSpeak3 server, covering the research approach, the race condition at the heart of the bug, and how far it could be pushed towards remote code execution.
- COMPANY
We're Hiring!
12. März 2026
We’re hiring! We are currently looking for a Penetration Tester and a Senior Red Teamer. Check out our open positions and reach out if you think you’d be a great fit.
- RESEARCH
No Leak, No Problem – Bypassing ASLR with a ROP Chain to Gain RCE
10. November 2025
Following a previous post on ARM exploitation, this post walks through extracting and analyzing modern IoT firmware to discover a previously unknown vulnerability. We then construct an ARM ROP chain that bypasses ASLR without an address leak to achieve unauthenticated RCE.
- DISCLOSURE
When Backups Open Backdoors: Accessing Sensitive Cloud Data via "Synology Active Backup for Microsoft 365"
27. Juni 2025
A credential leaked by Synology allowed anyone unauthorized access to sensitive data of all Microsoft cloud tenants using “Active Backup for Microsoft 365” (ABM).
Advisories
[MZ-26-01] TeamSpeak
27. Mai 2026
Multiple Denial of Service (DoS) vulnerabilities in TeamSpeak
[MZ-25-03] INSTAR 2K+ and 4K Series
12. August 2025
Unauthenticated Remote Code Execution (RCE) in INSTAR 2K+ and 4K Series IP cameras
[MZ-25-02] Synology Active Backup for Microsoft 365
27. Juni 2025
SynoOauth leaked credentials allowing unauthorized access to Microsoft Entra tenants using “Active Backup for Microsoft 365” (ABM)
[MZ-25-01] Via Browser for Android
27. Februar 2025
Via Browser was affected by a universal Cross-Site Scripting (uXSS) issue