In this blog post, we describe the security analysis and the found vulnerabilities in the industrial remote access solution Ewon Cosy+.
Firmware Security: Alcatel-Lucent ALE-DeskPhone
This blog post is about an analysis of firmware security in a VoIP deskphone. This analysis ties in with our previous research and the demonstrated exploitation of zero touch deployments (see Zero ...
Introducing M.A.T
In today’s increasingly interconnected data landscape, access to external data sources is crucial for the business processes of many companies. Microsoft SQL Server, in addition to local instances,...
Introducing AzurEnum
As time goes on, organizations keep moving more and more IT assets into the cloud. More importantly, the Azure cloud plays a paramount role in the IT structure of most companies due to its merging ...
Zero Touch Pwn: Abusing Zoom's Zero Touch Provisioning for Remote Attacks on Desk Phones
In this blog post, we describe several vulnerabilities that were discovered during a security analysis of AudioCodes desk phones and Zoom’s Zero Touch Provisioning. We also discuss and demonstrate...
NetSupport RAT distributed via fake invoices
NetSupport Manager is a legitimate remote control software that is developed by a UK-based company. However, as uncovered in this analysis, the software is used in a currently active phishing campa...
The Blind Spots of BloodHound
Let’s get one thing straight: This article is not at all a dig on BloodHound.
Abusing Microsoft Teams Direct Routing
In this blog post, a practical problem and security issue when it comes to phone integration with Microsoft Teams Direct Routing is described.
Tampering with Thunderbird attachments under Windows
In this blog post a few techniques for tampering with Thunderbird attachments, which simplify social engineering (SE) attacks from an attacker perspective, are shown. Introduction Thunderbird unde...
Hacking Some More Secure USB Flash Drives (Part II)
In the second article of this series, SySS IT security expert Matthias Deeg presents security vulnerabilities found in another crypto USB flash drive with AES hardware encryption.