This blog post contains the full technical walk-through and discovery of the vulnerability, its impact, and our experience during the responsible disclosure process with Synology.
29.06.2025 08:01
@modzero.bsky.social
Breaking stuff since 2011
Teammate Leonid discovered a leaked credential that allowed anyone unauthorized access to all Microsoft tenants of orgs that use Synology's "Active Backup for Microsoft 365" (ABM), including sensitive data like Teams channel messages.
#synology #disclosure #modzero
modzero.com/en/blog/when...
nooooooooooo...
25.06.2025 12:52
14.05.2025 14:47
*burp
24.04.2025 08:07
nice!
02.04.2025 05:04
"kick off" fits quite well, though still a bit too polite
31.03.2025 07:54
maybe an argument for education funding that even neolibs understand?
31.03.2025 06:49
yes!
11.02.2025 08:10
Dive into the process of reverse engineering, gadget hunting, and crafting a working exploit.
07.02.2025 17:10
Via a Return-Oriented Programming chain, small code snippets, or gadgets, already present in a program's memory can be leveraged
By chaining these gadgets together, they can execute arbitrary code without injecting anything new
ROPing our way to "Yay, RCE" - and a lesson in the importance of a good night's sleep!
Follow our colleague Michael's journey of developing an ARM ROP chain to exploit a buffer overflow in uc-http
modzero.com/en/blog/ropi...
Our #kandidierendencheck is online: answer 18 statements and find out which candidates in your constituency think the way you do.
www.kandidierendencheck.de/bundestag
uuuuh, nice.
03.02.2025 09:11
here! *waves
03.02.2025 09:08
kluk
29.01.2025 11:50
The Real-O-Mat is online as of today. The tool compares your own position on relevant questions with those of the parliamentary groups in the Bundestag. It is based not on campaign promises but on voting behavior.
netzpolitik.org/2025/real-o-...
vote "far-right out of desperation"?
29.01.2025 06:49
27.01.2025 15:46
ugh.
27.01.2025 09:16
kchkchkch. somehow that always fits too. so, you're welcome!
27.01.2025 07:51
why don't you leave your name and your number ...
27.01.2025 07:43
learn all about it from our colleagues Pascal and Christoph at their 37c3 talk or from our published disclosure report: modzero.com/en/blog/mult...
16.01.2025 15:06
attackers could then listen in on conversations using the built-in microphones or could reroute incoming and outgoing calls ... and so on
16.01.2025 15:06
we found several vulnerabilities in commonly used desk phones and smart conference speakers. combined, the issues can be used to take over a device through the local network or with physical access
16.01.2025 15:06
was just listening to #DeLaSoul's classic #RingRingRing on the radio and thought about the time we broke a phone.
or: how some coupled minor pinches can become a proper headache
colleagues @yonk42.bsky.social and @parzel.bsky.social talked about it at #37c3
www.youtube.com/watch?v=K9mm...
So, Hamburg. Out on the streets today against Weidel and the fucking AfD. See you there!
16.01.2025 06:43
2023: Remigration 2022: Klimaterroristen 2021: Pushback 2020: Corona-Diktatur und Rückführungspatenschaften 2019: Klimahysterie 2018: Anti-Abschiebe-Industrie 2017: Alternative Fakten 2016: Volksverräter 2015: Gutmensch 2014: Lügenpresse 2013: Sozialtourismus
If you look at the un-words of the year (Unwörter) of the last 11 years, what do you notice?
• 2024 Biodeutsch
• 2023 Remigration
We were quite happy - at least for a minute - for there are probably easier ways to achieve the final result.
So let us know if you have a better approach :)
contact via link!