@mod0 profile picture
@modzero@infosec.exchange @mod0

Founded in April 2011

Joined March 2011
  • Tweets 131
  • Following 13
  • Followers 1,132
2 Photos and videos
Pinned Tweet
@modzero@infosec.exchange@mod0
30 Nov 2022
Find us on #Mastodon @modzero@infosec.exchange
Tutorial: Our colleague Theresa designed a tutorial guiding through an OpenVPN exploit scenario — for you to try at home! modzero.com/en/blog/how-we-l…

Tutorial: How we learned to love the doc(umentation)

modzero.com
3
366
We would really like to get one of those new footballs that are currently being used in the stadiums during the European Championship matches. Just curious. 😁 DMs are open! #uefa #football #soccer #EM2024 #ballleak <3
3
8
1,502
@modzero@infosec.exchange retweeted
Gareth Heyes \u2028@garethheyes
20 Jun 2024
Lovely to see the Email RFCs abused to embed a command injection payload in the local-part of the address! Nice work Michael Imfeld & @parzel2 modzero.com/en/blog/beyond_t…

1
41
109
11,278
Shells at midnight: Exploiting the flexibility of Email addresses for offensive purposes. Today we are publishing a new blog post about our disclosure report on #MailCleaner #CVE-2024-3191: modzero.com/en/blog/beyond_t… @born0monday@chaos.social will also present at @a41con today.
4
10
889
We identified critical vulnerabilities in MailCleaner. A command injection vulnerability can be exploited by sending an Email. Our report can be found here: modzero.com/en/advisories/mz… Kudos to chaos.social/@born0monday and chaos.social/@parzel #MailCleaner #CVE-2024-3191 #Infosec

[MZ-24-01] MailCleaner

modzero.com
3
8
699
Unfortunately this is necessary: 8532a9e0e49991ffdc3bfe7b728513e254e288a86275c6473e3b42228641e5fa MZ-24-01_8641e5fa.pdf (and please find us on mastodon as well: infosec.exchange/@modzero)

modzero (@modzero@infosec.exchange)

34 Posts, 32 Following, 544 Followers · Breaking stuff since April 2011. @modzero.bsky.social

infosec.exchange
1
1
3
982
#CVE-2023-4462 Exploits are now available on github: github.com/modzero/MZ-23-01-… And please find us on infosec.exchange/@modzero

GitHub - modzero/MZ-23-01-Poly-VoIP-Devices: Proof of Concept exploits for vulnerabilities affect...

Proof of Concept exploits for vulnerabilities affecting Poly VoIP devices. - modzero/MZ-23-01-Poly-VoIP-Devices

github.com
parzel@parzel2
30 Jan 2024
Today we release the proof-of-concept exploits for the vulnerabilities we identified in HP #Poly VoIP devices. At the #37C3 we presented how these issues allow an attacker with network access to gain RCE and transform your devices into wiretaps. github.com/modzero/MZ-23-01-…
1
3
412
How do you hack Internet-connected devices? Today, our colleagues @parzel2 and @yonk@chaos.social will present their research at the #37C3 on how to turn a Poly VoIP phone into a wiretap, giving beginners some starting points for own research projects. events.ccc.de/congress/2023/…
2
4
584
@modzero@infosec.exchange retweeted
BSides Berlin@SidesBer
3 Nov 2023
Joining us for a second year as sponsor is @mod0. Thanks for your continued support! Register at bsides.berlin for one of the last remaining in-person tickets. #BSidesBerlin #appsec #infosec #BSides
4
9
920
Find us on mastodon (and BSIDES Berlin 2023 😉) infosec.exchange/@modzero/11…

modzero (@modzero@infosec.exchange)

We are sponsor at #BSIDES BERLIN again in 2023! Join one of the best community-driven #infosec conferences in Berlin, and meet our team! We're looking forward to meet you on November 18th at Holzma...

infosec.exchange
198
Happy birthday to us! 🎉 12 years of hacking! Thank you to everyone who helped get this far! 😍 modzero.com/en/blog/12th-ann…

12th Anniversary

modzero.com
3
18
2,593
Better make sure your password manager is secure -- or someone else will. We found critical security issues in the enterprise password manager Passwordstate that allowed to access passwords and gain a shell -- without any authentication #CVE-2022-3875 modzero.com/modlog/archives/…

1
24
40
12,657
@modzero@infosec.exchange retweeted
BSides Berlin@SidesBer
16 Nov 2022
We are excited to welcome onboard @mod0 as our Gold Sponsors this year! Register at bsides.berlin for one of the last remaining in-person tickets. #BSidesBerlin #appsec #infosec #BSides"
6
12
We found a security issue in the latest @CrowdStrike #FalconSensor. The bug itself isn't worth a tweet as the severity is pretty low. However, we’d like to shed some light on a ridiculous vulnerability disclosure process with CrowdStrike. #CVE-2022-2841 modzero.com/modlog/archives/…

9
136
472
Meet our #infosec-veteran @rexploit at @a41con! He will provide some insights on our #MeetingOwl research during his talk on Friday and is happy to meet-up on the hallway-track.
4
15
MITRE assigned CVE-2022-31463, CVE-2022-31462, CVE-2022-31461, CVE-2022-31460 and CVE-2022-31459 #MeetingOwl
Ars Technica
@arstechnica
2 Jun 2022
Meeting Owl videoconference device used by govs is a security disaster arstechnica.com/information-… by @dangoodin001
3
@modzero@infosec.exchange retweeted
Ars Technica
@arstechnica
2 Jun 2022
Meeting Owl videoconference device used by govs is a security disaster arstechnica.com/information-… by @dangoodin001

Meeting Owl videoconference device used by govs is a security disaster

No patch yet for easy-to-hack access point that leaks data and exposes networks to hacks.

arstechnica.com
40
113
@modzero@infosec.exchange retweeted
Max Moser@rexploit
1 Jun 2022
Well as some questions start coming up regarding the #MeetingOwl insecurities. Here are some short and clear infos. Details in our report. modzero.com/modlog/archives/…

3
5
7
@modzero@infosec.exchange retweeted
Golem.de
@golem
31 May 2022
Meeting Owl Pro: Konferenzeule hat viele Sicherheitslücken #MeetingOwl #Sicherheitslücke glm.io/165766?s

Meeting Owl Pro: Konferenzeule hat viele Sicherheitslücken - Golem.de

Das Konferenzsystem Meeting Owl Pro sieht putzig aus, hat aber viele Sicherheitslücken, die auch nach vier Monaten nicht geschlossen wurden.

golem.de
2
9
15
Load more