[ Security Advisories ]

In addition to discovering security issues and design flaws in properitary software for our clients, Z-Labs occasionally conducts its own vulnerability research on chosen open source software and performs other security research related activities.

:: Discovery of CVE-2017-17858 vulnerability - multiple memory corruptions during pdf processing

Software affected: MuPDF (ver. 1.12.0)
Advisory: MZET-ADV-2017-01

:: Discovery of CVE-2015-3146 vulnerability - DoS condition (server-side NULL pointer dereference)

Software affected: libssh (ver. < 0.6.5)
Upstream advisory: libssh 0.6.5 (Security and bugfix release)

:: Discovery of CVE-2015-1782 vulnerability - remote out-of-bounds memory read

Software affected: libssh2 (ver. <= 1.4.3)
Upstream advisory: libssh2 Security Advisory

[ Tools ]

At Z-Labs a lot of code is written: PoC exploits, custom fuzzers and other custom-written scripts. We release some of them to share with the community.

:: linux-exploit-suggester - Linux privilege escalation auditing tool

Written to aid a security analyst in uncovering known and exploitable vulnerabilities in Linux kernel.

Download: linux-exploit-suggester (github repo)

:: Exploits ported to Nmap

Lua scripts contributed by us to Nmap network scanner.

Script for detecting and exploiting CVE-2014-3704 vulnerability: source | docs
Script for detecting and exploiting CVE-2014-8877 vulnerability: source | docs

[ Whitepapers / Guidelines ]

Ops-Sec for Penetration Testers and Red Team Operators - comming soon.