[ Nasze znaleziska ]

In addition to discovering security issues and design flaws in properitary software for our clients, Z-Labs occasionally conducts its own vulnerability research on chosen open source software and performs other security research related activities.

# Discovery of CVE-2017-17858 vulnerability - multiple memory corruptions during pdf processing

Software affected: MuPDF (ver. 1.12.0)
Advisory: MZET-ADV-2017-01

# Discovery of CVE-2015-3146 vulnerability - DoS condition (server-side NULL pointer dereference)

Software affected: libssh (ver. < 0.6.5)
Upstream advisory: libssh 0.6.5 (Security and bugfix release)

# Discovery of CVE-2015-1782 vulnerability - remote out-of-bounds memory read

Software affected: libssh2 (ver. <= 1.4.3)
Upstream advisory: libssh2 Security Advisory

[ Nasze narzędzia ]

At Z-Labs a lot of code is written: PoC exploits, custom fuzzers and other custom-written scripts. We release some of them to share with the community.

# bof-launcher - Beacon Object Files (BOF) launching library

Open-source, cross-platform library for loading, relocating and launching BOFs on Windows and UNIX/Linux systems.

Download: bof-launcher (github repo)

# linux-exploit-suggester - Linux privilege escalation auditing tool

Written to aid a security analyst in uncovering known and exploitable vulnerabilities in Linux kernel.

Download: linux-exploit-suggester (github repo)

# Exploits ported to Nmap

Lua scripts contributed by us to Nmap network scanner.

Script for detecting and exploiting CVE-2014-3704 vulnerability: source | docs
Script for detecting and exploiting CVE-2014-8877 vulnerability: source | docs

[ Nasze publikacje ]

Ops-Sec for Penetration Testers and Red Team Operators - comming soon.