modzero
@modzero.bsky.social
Breaking stuff since 2011
No Leak, No Problem - Remember our PSA about updating your INSTAR cameras? Here’s the reason in detail, worked out and noted by our teammate Michael Imfeld:

modzero.com/en/blog/no-l...
No Leak, No Problem - Bypassing ASLR with a ROP Chain to Gain RCE
modzero.com
November 10, 2025 at 1:12 PM
Does anyone here have a working way to contact archive.org?
It's about a security issue...
November 6, 2025 at 1:19 PM
catch a glimpse of us holding our annual “state of the zero” meetup - to wrap our heads around all of IT and us.

we also took a boat trip, ate too many sweets, touched some grass, saved the world, had a barbecue and a drink or two…💓

#modzero #infosec #itsecurity #captainitswednesday
September 28, 2025 at 6:01 PM
PSA: update your INSTAR cameras. Our teammate Michael Imfeld identified a critical RCE (CVE-2025-8760) on 2K+ and 4K devices. Find the advisory here:
modzero.com/en/advisorie...
[MZ-25-03] INSTAR 2K+ and 4K Series
modzero.com
August 14, 2025 at 1:28 PM
Teammate Leonid discovered a leaked credential that allowed anyone unauthorized access to all Microsoft tenants of orgs that use Synology's "Active Backup for Microsoft 365" (ABM), including sensitive data like Teams channel messages. 🤓
#synology #disclosure #modzero
modzero.com/en/blog/when...
When Backups Open Backdoors: Accessing Sensitive Cloud Data via
modzero.com
June 29, 2025 at 8:01 AM
nooooooooooo... 💔
Tiny Chef announces his show has been cancelled at Nickelodeon after 2 seasons and 41 episodes.
June 25, 2025 at 12:53 PM
ROPing our way to “Yay, RCE” - and a lesson in the importance of a good night's sleep!

Follow our colleague Michael's journey of developing an ARM ROP chain to exploit a buffer overflow in uc-http

modzero.com/en/blog/ropi...
ROPing our way to RCE
modzero.com
February 7, 2025 at 5:10 PM
Reposted by modzero
🔔 Our #kandidierendencheck is online: answer 18 statements and you will find out which candidates in your constituency think like you do. 👇
www.kandidierendencheck.de/bundestag
kandidierendencheck Bundestag election 2025 | Voting aid for your first vote
Compare your opinion with that of your candidates on 18 election topics! Take part now!
www.kandidierendencheck.de
February 3, 2025 at 8:28 AM
Reposted by modzero
The Real-O-Mat has been online since today. The tool compares your own position on relevant questions with those of the parliamentary groups in the Bundestag. Its basis is not campaign promises, but the voting record.

netzpolitik.org/2025/real-o-...
Real-O-Mat: Actions count more than words
The Real-O-Mat has been online since today. The tool compares your own position on relevant questions with those of the parliamentary groups in the Bundestag. Its basis is not campaign promises, but the ...
netzpolitik.org
January 29, 2025 at 10:35 AM
was just listening to #DeLaSoul's classic #RingRingRing on the radio and thought about the time we broke a phone.

or: how some coupled minor pinches can become a proper headache

colleagues @yonk42.bsky.social and @parzel.bsky.social talked about it at #37c3

www.youtube.com/watch?v=K9mm...
37C3 - Finding Vulnerabilities in Internet-Connected Devices
YouTube video by media.ccc.de
www.youtube.com
January 16, 2025 at 3:06 PM
Reposted by modzero
So, Hamburg. Out on the streets today against Weidel and the fucking AfD. See you there!
Hamburgers! See you there.
January 16, 2025 at 6:43 AM
Reposted by modzero

If you look at the "un-words of the year" from the last 11 years, what do you notice?

• 2024 Biodeutsch
• 2023 Remigration
January 13, 2025 at 1:32 PM
We broke something:

in a recent pentest on a hardened target, we were able to achieve unauthenticated Remote Code Execution (RCE) via Server-Side Template Injection (SSTI) in a Spring Boot application

We wrote it down for you to try at home:

modzero.com/en/blog/spri...
Exploiting SSTI in a Modern Spring Boot Application (3.3.4)
modzero.com
January 10, 2025 at 9:51 AM
Reposted by modzero
@ths.ch and I took another look at election software at #38C3.
media.ccc.de/v/38c3-der-t...
The Thüring Test for Election Software
Choose your risk! Before the 2017 Bundestag election we published our analysis of hair-raising security vulnerabilities in a widely ...
media.ccc.de
December 29, 2024 at 10:13 AM
it wasn't me. 🫶
#38c3
December 29, 2024 at 7:28 PM
i am going on a trip
and i am taking with me ...

💓 #38C3
December 18, 2024 at 8:23 AM
Reposted by modzero
Another mega programme!

The CCC has published the first schedule (Fahrplan) for its Chaos Communication Congress #38C3:

Version Alpha-0.1
fahrplan.events.ccc.de/congress/202...
December 3, 2024 at 8:14 AM
Reposted by modzero
I can highly recommend Shazzer from @garethheyes.co.uk, such a great tool for XSS research!
Digging for XSS Gold: Unearthing Browser Quirks with Shazzer
YouTube video by PortSwigger
www.youtube.com
November 27, 2024 at 9:11 AM
Hello Bluesky 👋

We are an IT security company. Our team consists of like-minded hackers located in Germany and Switzerland.

Our core areas of expertise are comprehensive technical security analyses, penetration tests and red teaming services.

Want to learn more about us?
Check: modzero.com/en/
In-depth IT Security
modzero.com
November 21, 2024 at 2:21 PM