If you want to hunt for MeetingOwl devices in your network. Check for devices with a MAC Address starting with BC:D7:13 or check your proxy/firewall/dns logs for connections to owllabs.com

Hey twitterverse. Anyone got some old 8192hz 2-pin crystals around? Yeah 8.192khz not mhz.

I will be at the Area41 Security Con and giving some insights on the #MeetingOwl issues during my talk. Come meet me in the hallway track 😀 during the conference days and have a good chat 🍻

Oops, they did it again! The Titan-M chip is the root of all security in Google's Pixel phones Damiano Melotti & Maxime Rossi Bellom will talk about their journey from Reversing & Fuzzing to Code Execution & leaking its encryption keys tomorrow at TROOPERS Conference troopers.de/troopers22/age…

Had a look at quite a nice (new-ish?) way to dump LSASS memory into WinDBG Time Travel Debugging (TTD) format, and pull creds out offline. 🧵

We found a security issue in the latest CrowdStrike #FalconSensor. The bug itself isn't worth a tweet as the severity is pretty low. However, we’d like to shed some light on a ridiculous vulnerability disclosure process with CrowdStrike. #CVE-2022-2841 modzero.com/modlog/archive…

If you are privileged on system but Falcon is getting in you way. Fear not, just uninstall it. The uninstall token is not required. See modzero.com/modlog/archive… for details.

Can’t wait for AI to take over the world

This is appreciation when submitting a bug:"We realise you’ve already spent plenty of time helping us so far."

How Wi-Fi spy drones snooped on financial firm go.theregister.com/feed/www.there…

Finally, it is the year of Linux on the desktop

@[email protected] Mastodon (@[email protected]) see you over there. If you like that i find you there as well reply with the handle or dm me with it.

Reverse engineering via GDB. x.com/ClownWorld_/st…

Better make sure your password manager is secure -- or someone else will. We found critical security issues in the enterprise password manager Passwordstate that allowed to access passwords and gain a shell -- without any authentication #CVE-2022-3875 modzero.com/modlog/archive…

Please remind me how we are moving forward. In this video, a machine from the year ~2000 (600MHz, 128MB RAM, spinning-rust hard disk) running Windows NT 3.51. Note how incredibly snappy opening apps is. 👇

How do you hack Internet-connected devices? Today, our colleagues parzel and @[email protected] will present their research at the #37C3 on how to turn a Poly VoIP phone into a wiretap, giving beginners some starting points for own research projects. events.ccc.de/congress/2023/…

We identified critical vulnerabilities in MailCleaner. A command injection vulnerability can be exploited by sending an Email. Our report can be found here: modzero.com/en/advisories/… Kudos to chaos.social/@born0monday and chaos.social/@parzel #MailCleaner #CVE-2024-3191 #Infosec

Shells at midnight: Exploiting the flexibility of Email addresses for offensive purposes. Today we are publishing a new blog post about our disclosure report on #MailCleaner #CVE-2024-3191: modzero.com/en/blog/beyond… @[email protected] will also present at Area41 Security Con today.