@[email protected]

Find us on #Mastodon @modzero@infosec.exchange

Tutorial: Our colleague Theresa designed a tutorial guiding through an OpenVPN exploit scenario — for you to try at home! modzero.com/en/blog/how-we…

We would really like to get one of those new footballs that are currently being used in the stadiums during the European Championship matches. Just curious. 😁 DMs are open! #uefa #football #soccer #EM2024 #ballleak <3

Lovely to see the Email RFCs abused to embed a command injection payload in the local-part of the address! Nice work Michael Imfeld & @parzel2 modzero.com/en/blog/beyond…

Shells at midnight: Exploiting the flexibility of Email addresses for offensive purposes. Today we are publishing a new blog post about our disclosure report on #MailCleaner #CVE-2024-3191: modzero.com/en/blog/beyond… @born0monday@chaos.social will also present at @a41con today.

We identified critical vulnerabilities in MailCleaner. A command injection vulnerability can be exploited by sending an Email. Our report can be found here: modzero.com/en/advisories/… Kudos to @born0monday" target="_blank" rel="nofollow noopener">chaos.social/@born0monday and @parzel" target="_blank" rel="nofollow noopener">chaos.social/@parzel #MailCleaner #CVE-2024-3191 #Infosec

Unfortunately this is necessary: 8532a9e0e49991ffdc3bfe7b728513e254e288a86275c6473e3b42228641e5fa MZ-24-01_8641e5fa.pdf (and please find us on mastodon as well: @modzero" target="_blank" rel="nofollow noopener">infosec.exchange/@modzero)

#CVE-2023-4462 Exploits are now available on github: github.com/modzero/MZ-23-… And please find us on @modzero" target="_blank" rel="nofollow noopener">infosec.exchange/@modzero

How do you hack Internet-connected devices? Today, our colleagues @parzel2 and @yonk@chaos.social will present their research at the #37C3 on how to turn a Poly VoIP phone into a wiretap, giving beginners some starting points for own research projects. events.ccc.de/congress/2023/…

Joining us for a second year as sponsor is @mod0. Thanks for your continued support! Register at bsides.berlin for one of the last remaining in-person tickets. #BSidesBerlin #appsec #infosec #BSides

Find us on mastodon (and BSIDES Berlin 2023 😉) @modzero/111339919605526926" target="_blank" rel="nofollow noopener">infosec.exchange/@modzero/11133…

Happy birthday to us! 🎉 12 years of hacking! Thank you to everyone who helped get this far! 😍 modzero.com/en/blog/12th-a…

Better make sure your password manager is secure -- or someone else will. We found critical security issues in the enterprise password manager Passwordstate that allowed to access passwords and gain a shell -- without any authentication #CVE-2022-3875 modzero.com/modlog/archive…

We are excited to welcome onboard @mod0 as our Gold Sponsors this year! Register at bsides.berlin for one of the last remaining in-person tickets. #BSidesBerlin #appsec #infosec #BSides"

We found a security issue in the latest @CrowdStrike #FalconSensor. The bug itself isn't worth a tweet as the severity is pretty low. However, we’d like to shed some light on a ridiculous vulnerability disclosure process with CrowdStrike. #CVE-2022-2841 modzero.com/modlog/archive…

Meet our #infosec-veteran @rexploit at @a41con! He will provide some insights on our #MeetingOwl research during his talk on Friday and is happy to meet-up on the hallway-track.

MITRE assigned CVE-2022-31463, CVE-2022-31462, CVE-2022-31461, CVE-2022-31460 and CVE-2022-31459 #MeetingOwl

Meeting Owl videoconference device used by govs is a security disaster arstechnica.com/information-te… by @dangoodin001

Well as some questions start coming up regarding the #MeetingOwl insecurities. Here are some short and clear infos. Details in our report. modzero.com/modlog/archive…

Meeting Owl Pro: Konferenzeule hat viele Sicherheitslücken #MeetingOwl #Sicherheitslücke glm.io/165766?s