EN | PL
[ Strona Główna ] [ Oferta ] [ Blog ] [ Nasze Publikacje ] [ O Nas ]   

In addition to offering penetration testing services members of Z-Labs are commited to conduct independent security research and development to constanly improve its R&D capabilities



.:: Vulnerability Research ::.

In addition to discovering security issues and design flaws in properitary software for our clients, Z-Labs occasionally conducts its own vulnerability research on chosen open source software and performs other security research related activities.

:: Discovery of CVE-2017-17858 vulnerability - multiple memory corruptions during pdf processing

Software affected: MuPDF (ver. 1.12.0)
Advisory: MZET-ADV-2017-01

:: Discovery of CVE-2015-3146 vulnerability - DoS condition (server-side NULL pointer dereference)

Software affected: libssh (ver. < 0.6.5)
Upstream advisory: libssh 0.6.5 (Security and bugfix release)

:: Discovery of CVE-2015-1782 vulnerability - remote out-of-bounds memory read

Software affected: libssh2 (ver. <= 1.4.3)
Upstream advisory: libssh2 Security Advisory

:: Security challenges and CTF-like competitions writeups

To constantly improve in the art of vulnerability discovery and to stay sharp with latest exploitation techniques we solve them a lot. We publish our solutions of selected problems at github.

Link: CTF writeups (github repo)

:.................................................


.:: Security tools & Exploits ::.

At Z-Labs a lot of code is written: PoC exploits, custom fuzzers and other custom-written scripts. We release some of them to share with the community.

:: linux-exploit-suggester - Linux privilege escalation auditing tool

Written to aid a security analyst in uncovering known and exploitable vulnerabilities in Linux kernel.

Download: linux-exploit-suggester (github repo)

:: Exploits ported to Nmap

Lua scripts contributed by us to Nmap network scanner.

Script for detecting and exploiting CVE-2014-3704 vulnerability: source | docs
Script for detecting and exploiting CVE-2014-8877 vulnerability: source | docs

:.................................................


.:: Whitepapers / Guidelines ::.

Ops-Sec for Penetration Testers and Red Team Operators - comming soon.

copyright (c) 2005-2020 Mariusz Ziulek