Skip to content
Skip to site menu

ZX Security

Our research

We are a specialist IT Security Consultancy that works with your business to identify and assess the security posture of your systems and people.

The latest…

Insights

View all of our insights

Green Team Tree Planting at Ōwhiro Bay

26th June 2023

ZX Green Team gets muddy planting native trees.

View insight: Green Team Tree Planting at Ōwhiro Bay
ZX Hosts 10 Brandon Street Green Team meeting

20th June 2023

Last month ZX hosted the 10 Brandon Street Green Team meeting bringing together Green Teams from other companies in our building to share sustainability ideas.

View insight: ZX Hosts 10 Brandon Street Green Team meeting
Setting off on our carbon neutral journey

27th February 2023

We are thrilled to announce that we have officially set off on our carbon neutral journey with Toitū Envirocare!

View insight: Setting off on our carbon neutral journey

Maturity models

View all of our maturity models

DoS Preparation

1st November 2021

Denial of Service attacks are preventable for the most part.

View maturity model: DoS Preparation
Ransomware Preparation

22nd June 2021

Assess your company's security posture and learn how to identify and prevent ransomware attacks.

View maturity model: Ransomware Preparation

Advisories

View all of our advisories

Security Feature Bypass In Zitadel — Race Condition

13th November 2023

Zitadel was found to be vulnerable to a race condition, leading to the application processing numerous successful brute-force login attempts before triggering an account lockout.

View advisory: Security Feature Bypass In Zitadel
Zitadel one click silent account takeover — Multiple issues

7th November 2023

The avatar upload functionality was found to be vulnerable to stored cross-site scripting via SVG's.

View advisory: Zitadel one click silent account takeover
Security Feature Bypass In ASP.NET and Visual Studio — Race Condition

12th July 2023

The SignInManager in ASP.NET was found to be vulnerable to a Race Condition leading to thousands of successful brute-force login attempts before triggering an account lockout.

View advisory: Security Feature Bypass In ASP.NET and Visual Studio

Tools

View all of our released tools

NMEAsnitch

NMEAsnitch works to detect malicious NMEA serial data.

This tool was first presented at Defcon 25.
NMEAdeysnc

While tardgps worked by changing time by manipulating GPS signals, NMEAdesync manipulates time through the NMEA serial data sent between the GPS receiver and the NTP device.

This tool was first presented at BSidesCBR.
tardgps

Dave Robinson has continued his work into GPS Spoofing and its implications. Dave has developed a tool call tardgps which allows an attacker to change the time on a GPS-enabled NTP server without crashing the NTP daemon.

This time manipulation was first presented at Kiwicon X in Wellington.

Take the next step

Talk to us today