POSTS

Tunnelling TCP connections into iOS on QEMU
By Lev Aronsky,
29-Mar 2020
,
Don't Ruck Us Too Hard - Owning Ruckus AP devices
By Gal Zror,
14-Jan 2020
,

CVE-2019-19834

CVE-2019-19835

CVE-2019-19836

CVE-2019-19837

CVE-2019-19838

CVE-2019-19839

CVE-2019-19840

CVE-2019-19841

CVE-2019-19842

CVE-2019-19843
Revised Homograph Attacks
By Tzachy Horesh,
29-Dec 2019
,
Breaking Algorithms - SMT Solvers for WebApp Security
By Leo Goldstien,
02-Sep 2019
,
Xiaomi Zigbee (3): Live Debugging
By Lev Aronsky,
15-Jul 2019
,
Xiaomi Zigbee (2): Beyond Architecture
By Lev Aronsky,
09-Jul 2019
,
Xiaomi Zigbee (1): Getting to know the hardware
By Lev Aronsky,
01-Jul 2019
,
Running iOS in QEMU to an interactive bash shell (2): research
By Jonathan Afek,
25-Jun 2019
,
Running iOS in QEMU to an interactive bash shell (1): tutorial
By Jonathan Afek,
17-Jun 2019
,
It takes only one StackOverflowException to bring down an Application deployed on IIS
By Gil Mirmovitch,
22-Oct 2018
,

CVE-2018-8269

ALEPH-2018002

ALEPH-2018003

ALEPH-2018004

ALEPH-2018005

ALEPH-2018006
Overcoming (some) Spectre browser mitigations
By Noam Hadad & Jonathan Afek,
26-Jun 2018
,
Exploiting Qualcomm EDL Programmers (5): Breaking Nokia 6's Secure Boot
By Roee Hay & Noam Hadad,
22-Jan 2018
,

QPSIIR-909

ALEPH-2017029

CVE-2017-13174

CVE-2017-5947
Exploiting Qualcomm EDL Programmers (4): Runtime Debugger
By Roee Hay & Noam Hadad,
22-Jan 2018
,

QPSIIR-909

ALEPH-2017029

CVE-2017-13174

CVE-2017-5947
Exploiting Qualcomm EDL Programmers (3): Memory-based Attacks & PBL Extraction
By Roee Hay & Noam Hadad,
22-Jan 2018
,

QPSIIR-909

ALEPH-2017029

CVE-2017-13174

CVE-2017-5947
Exploiting Qualcomm EDL Programmers (2): Storage-based Attacks & Rooting
By Roee Hay & Noam Hadad,
22-Jan 2018
,

QPSIIR-909

ALEPH-2017029

CVE-2017-13174

CVE-2017-5947
Exploiting Qualcomm EDL Programmers (1): Gaining Access & PBL Internals
By Roee Hay & Noam Hadad,
22-Jan 2018
,

QPSIIR-909

ALEPH-2017029

CVE-2017-13174

CVE-2017-5947
Untethered initroot (USENIX WOOT '17)
By Roee Hay,
30-Aug 2017
,

CVE-2016-10277

A-62345923
Nexus 9 vs. Malicious Headphones, Take Two
By Roee Hay,
13-Jun 2017
,

CVE-2017-0648

CVE-2017-0510

CVE-2017-0563

CVE-2017-0582
initroot: Hello Moto
By Roee Hay,
07-Jun 2017
,

CVE-2016-10277
initroot: Bypassing Nexus 6 Secure Boot through Kernel Command-line Injection
By Roee Hay,
23-May 2017
,

CVE-2016-10277

CVE-2017-1000363
OnePlus OTAs: Analysis & Exploitation
By Roee Hay,
11-May 2017
,

CVE-2017-5948

CVE-2017-8850

CVE-2017-8851

CVE-2016-10370
Owning OnePlus 3/3T with a Malicious Charger: The Last Piece of the Puzzle
By Roee Hay,
26-Mar 2017
,

CVE-2017-5622

CVE-2017-5626

CVE-2017-5624
Attacking Nexus 9 with Malicious Headphones
By Roee Hay,
08-Mar 2017
,

CVE-2017-0510

CVE-2017-0563

CVE-2017-0582
Owning a Locked OnePlus 3/3T: Bootloader Vulns
By Roee Hay,
08-Feb 2017
,

CVE-2017-5626

CVE-2017-5624
Attacking Nexus 6/6P Custom Boot Modes
By Roee Hay & Michael Goberman,
05-Jan 2017
,

CVE-2016-8467

CVE-2016-6678

VULNS

12/17/19

ALEPH-2019014
Ruckus CLI (rkscli) jailbreak
12/17/19

CVE-2019-19843
Admin credentials leakage
12/17/19

CVE-2019-19842
Remote command injection via a crafted HTTP request (cmdSpectraAnalysis)
12/17/19

CVE-2019-19841
Remote command injection via a crafted HTTP request (cmdPacketCapture)
12/17/19

CVE-2019-19840
Stack buffer overflow in zap executable
12/17/19

CVE-2019-19839
Remote command injection via a crafted HTTP request (cmdImportCategory)
12/17/19

CVE-2019-19838
Remote command injection via a crafted HTTP request (cmdImportAvpPort)
12/17/19

CVE-2019-19837
Information disclosure vulnerability
12/17/19

CVE-2019-19836
Remote code execution vulnerability via zap
12/17/19

CVE-2019-19835
SSRF vulnerability in zap
12/17/19

CVE-2019-19834
Ruckus CLI (ruckus_cli2) jailbreak
10/22/18

ALEPH-2018006
Potential DOS vulnerability in WCF services
10/22/18

ALEPH-2018005
Potential DOS vulnerability in applications that use ASP.NET Web API
10/22/18

ALEPH-2018004
Applications that use Newtonsoft.Json might be exposed to DOS vulnerability
10/22/18

ALEPH-2018003
DOS vulnerability in Azure Active Directory Graph API
10/22/18

ALEPH-2018002
DOS Vulnerability in SharePoint 2016 Server
10/22/18

CVE-2018-8269
OData Denial of Service Vulnerability
01/22/18

ALEPH-2017029
Nokia 6/5 EDL triggering through USB
01/22/18

QPSIIR-909
Qualcomm EDL Firehose Programmers Peek and Poke Primitives
01/22/18

CVE-2017-13174
Google Nexus 6 & 6P EDL triggering through ADB
01/22/18

CVE-2017-5947
OnePlus EDL triggering through ADB or Hardware Key Combination
01/09/18

CVE-2017-0829
Motorola Bootloader Old UTAGs may lead to Kernel Command-line Injection
08/30/17

A-62345923
Motorola Android Bootloader Unlocking a Re-locked Bootloader from Platform OS