Moritz Abrell

Finally published the blog post about abusing @Zoom for remote attacks on endponits: blog.syss.com/posts/zero-tou… It was fun to present this at @BlackHatEvents

An interesting wrap-up presentation from the security researcher who found the COROS watch security vulnerabilities last year. Worth a watch if you're into geekery: youtube.com/watch?v=WmY9XB…

Great work and write-up!

Had a great time at @hardwear_io 2025. Awesome conference! youtu.be/WmY9XBJEq2A?si…

Today, I have published a new YouTube video about browser swapping attacks, demonstrating and explaining a security issue in OAuth 2.0 that my colleague Jonas Primbs found. youtube.com/watch?v=hDrfwK…

⌚ A sports watch you trust on every run…or do you? At #hw_ioNL2025 Moritz Abrell takes us behind the scenes of the #COROSPACE3, where a routine BLE assessment spiralled into discovering hidden vulnerabilities & a public wake-up call for the vendor. 👉hardwear.io/netherlands-20…

I'm back home from the beautiful city of Bergamo and the awesome @nohatcon. Today, we have published the security advisories concerning the Verbatim security update I was talking about on Saturday in my presentation "Your Security Update is Not Secure Enough".

The talk recording can now be found on YouTube youtube.com/watch?v=tmIoT2…

Excited to contribute to the content of this year‘s @hardwear_io . Looking forward to Amsterdam! hardwear.io/netherlands-20…

Today, my colleague @moritz_abrell published a new tech blog article titled "Automated Patch Diff Analysis using LLMs", and it's about what its title suggests. 😄 If you're interested in LLM-based workflows and IT security, you should read it here: blog.syss.com/posts/automate…

Our favorite articles & learnings from July by @moritz_abrell, @azonenberg, @iarsystems, @koehlma, @linuxfoundation, @cratesiostatus, @Raspberry_Pi, @EbenUpton, @qtproject, @JLCPCB, @ZephyrIoT, and more! Read our latest monthly roundup on Interrupt, Memfault's developer blog & community: interrupt.memfault.com/blog/july-2025… #embedded #embeddedsystems #firmware #hardware #iot

Introduction to Voltage Glitching (STM32L051 microcontroller) blog.syss.com/posts/voltage-… Credits @BartimaeusvUruk #hardware #infosec

@dcrainmakerblog Thanks for sharing

COROS has confirmed a substantial set of security vulnerabilities, impacting not just the watch, but COROS online account as well. These were initially spotted by security researcher @moritz_abrell and I've confirmed they impact all devices. Full details: dcrainmaker.com/2025/06/coros-…

@runnersworld Check this out: blog.syss.com/posts/bluetoot…

I Tested the Coros Pace 3. This Is the One Running Watch New Runners Need. runnersworld.com/gear/a65048881…

Today we published the blog post about the BLE analysis of a COROS PACE3 sports watch: blog.syss.com/posts/bluetoot… #CVE #Vulnerability #BLE #COROS

Check out the discovery and analysis of CVE-2025-33073 by my colleagues. A vulnerability with real-world impact. blog.syss.com/posts/kerberos…

Today, my new blog article titled "Voltage Glitching with the Pico Glitcher and Findus" was published. You can find it on the SySS Tech Blog: blog.syss.com/posts/voltage-…

Check out our today published CVEs on @AudioCodes Session Border Controller and One Voice Operation Center. Unauthenticated path traversal, hard-coded keys and unauthenticated persistent XSS. syss.de/pentest-blog/m… CVE-2024-52883 CVE-2024-52882 CVE-2024-52884 CVE-2024-52881

Today, I've published the security advisory SYSS-2024-085 (CVE-2024-38499) concerning a security vulnerability in the desktop and server management software CA Client Automation by @broadcom. You can find further informationen in the SySS Pentest blog: syss.de/pentest-blog/s…

I am currently working on version 2 of the PicoGlitcher (mkesenheimer.github.io/blog/pico-glit…) to perform #FaultInjection and #VoltageGlitching. Here is a teaser what it can achieve. Version 2 is capable of basic pulse-shaping.

Today, SySS published several security vulnerabilities concerning the SICK products InspectorP61x, InspectorP62x, and TiM3xx. These issues were found by my colleagues Manuel Stotz and Tobias Jäger. You can find further information in the SySS blog: syss.de/pentest-blog/k…