In addition to offering penetration testing services, members of Z-Labs are committed to conducting independent security research and development to uncover and mitigate hidden security risks in popular software.



.:: Security advisories ::.

Here is the list of selected vulnerabilities discovered by the members of Z-Labs in popular open source software:

:: CVE-2017-17858 - multiple memory corruptions during PDF processing

Software affected: MuPDF (ver. 1.12.0)
Advisory: MZET-ADV-2017-01

:: CVE-2015-3146 - DoS condition (server-side NULL pointer dereference)

Software affected: libssh (ver. < 0.6.5)
Upstream advisory: libssh 0.6.5 (Security and bugfix release)

:: CVE-2015-1782 - remote out-of-bounds memory read

Software affected: libssh2 (ver. <= 1.4.3)
Upstream advisory: libssh2 Security Advisory

:.................................................


.:: Security tools ::.

Tools authored and actively maintained by the members of Z-Labs:

:: linux-exploit-suggester - Linux privilege escalation auditing tool

Written to aid a security analyst in uncovering known and exploitable vulnerabilities in the Linux kernel.

Download: linux-exploit-suggester (github repo)

:.................................................


.:: Exploits ::.

Our selected exploit development work:

:: Exploits ported to Nmap

Lua scripts contributed by us to the Nmap network scanner.

Script for detecting and exploiting the CVE-2014-3704 vulnerability: source | docs
Script for detecting and exploiting the CVE-2014-8877 vulnerability: source | docs

:.................................................


.:: Miscellaneous ::.

Other stuff that we do and that does not fit into any previous category:

:: Security challenges and CTF-like competitions

To constantly improve in the art of vulnerability discovery and to stay sharp with the latest exploitation techniques, we solve a lot of them. We publish our solutions to selected problems on GitHub.

Link: CTF writeups (github repo)

:.................................................


copyright (c) 2005-2019 Mariusz Ziulek