News

Blog

• PLAYGROUND

  ROPing our way to RCE

  February 7, 2025

  From vulnerability to exploit - this post explores the journey of developing an ARM ROP chain to exploit a buffer overflow in uc-http. Dive into the process of reverse engineering, gadget hunting, and crafting a working exploit.

• PLAYGROUND

  Exploiting SSTI in a Modern Spring Boot Application (3.3.4)

  January 8, 2025

  Learn how to exploit Server-Side Template Injection (SSTI) in a Spring Boot application using the Thymeleaf templating engine. Special focus will be set on bypassing defenses in newer versions.

• PLAYGROUND

  Tutorial: How we learned to love the doc(umentation)

  October 14, 2024

  Just read documentation to get RCE?! Our colleague Theresa designed a tutorial guiding you through an OpenVPN exploit scenario — for you to try at home!

• DISCLOSURE

  Beyond the @ Symbol: Exploiting the Flexibility of Email Addresses For Offensive Purposes

  June 7, 2024

  We exploited an unauthenticated command injection within the spam filter appliance MailCleaner that can be triggered through a malicious email address.

Advisories

• [MZ-24-01] MailCleaner

  April 29, 2024

  Unauthenticated Command Injection and XSS vulnerabilities in MailCleaner

• [MZ-23-01] Poly VoIP Devices

  December 29, 2023

  Several vulnerabilities in Poly VoIP devices

• [MZ-22-03] Passwordstate

  December 19, 2022

  Multiple high severity vulnerabilities in Passwordstate by Click Studios

• [MZ-22-02] CrowdStrike FalconSensor

  August 22, 2022

  Uninstall Protection Bypass for CrowdStrike Falcon Sensor