We discovered flaws in Zimbra, an enterprise email solution, that allow attackers to steal credentials of users and gain access to their email accounts.

CVE-2022-25845 has a high potential impact but conditions for attack are not trivial. Read technical analysis and mitigation guidance of the Fastjson RCE vulnerability

Securing SSH is one of the main controls of CIS Benchmark, but what are the real threats to ssh exposure? Brute force, credential leaks, ...

This document describes a system for the forwarding of encrypted HTTP messages.
This allows a client to make multiple requests of a server without the server being able
to link those requests to the client or to identify the requests as having come
from the…

Turning Power Side-Channel Attacks Into Remote Timing Attacks on x86

Preboot passwords are important when using BitLocker to prevent all kinds of attacks. One of those attacks is the ability to sniff the TPM chip communication and recover the decryption key. This article shows you how to attack Linux disk encryption and provides…

Introduction Our Web Security Academy has a topic on dangling markup injection - a technique for exploiting sites protected by CSP. But something interesting happened when we came to update to Chrome

Thanks to Brad Duncan for sharing this pcap! https://www.malware-traffic-analysis.net/2022/06/14/index.html We did a quick analysis of this ...

In this post, we attack the Nest Hub (2nd Gen), an always-connected smart home display from Google, in order to boot a custom OS. First, we explore both hardware and software attack surface in search of security vulnerabilities that could permit arbitrary…

A comprehensive guide to MikroTik internals, including IPC, hand-rolled cryptography, and a novel post-authentication jailbreak

disclaimer: these post series are just for fun and should not be readed by anyone

Volexity frequently works with individuals and organizations heavily targeted by sophisticated, motivated, and well-equipped threat actors from around the world. Some of these individuals or organizations are attacked infrequently or […]

Learn more about a potentially harmful Office 365 functionality that allows ransomware to encrypt files stored on SharePoint and OneDrive. Read more with Proofpoint.

Persistence, lateral movement

VED - Linux kernel threat detection and prevention system LKM version of VED goes public finally.

Thanks to Brad Duncan for sharing this pcap! https://www.malware-traffic-analysis.net/2022/04/19/index2.html We did a quick analysis of this...

In this post I’ll exploit CVE-2022-22057, a use-after-free in the Qualcomm gpu kernel driver, to gain root and disable SELinux from the untrusted app sandbox on a Samsung Z flip 3. I’ll look at various mitigations that are implemented on modern Android devices…

In April of this year, FreeBSD patched a 13-year-old heap overflow in the Wi-Fi stack that could allow network-adjacent attackers to execute arbitrary code on affected installations of FreeBSD Kernel. This bug was originally reported to the ZDI program by…

On January 11, 2022, we published a blog post describing the details of CVE-2022-21893, a Remote Desktop vulnerability that we found and reported to Microsoft. After analyzing the patch that fixed...

In early February 2022, we came across a tweet from ShadowChasing1 identifying a SideWinder-related word document which referenced a template URL. In this article, we share our insights from…