Research

06 Mar 2019– [Advisory] - ASP.NET Boilerplate

Claudio Contin found an input validation issue with ABP 4.2. Details of the issue inclukding a patch are available on Github here .

 

20 Feb 2019– [Advisory] - Multiple issues in Teracue ENC-400

Stephen Shkardoon found multiple issues in the Teracue ENC-400 hardware, including a pre-authentication remote code execution vulnerability. Further details are available here .

 

17 Dec 2019– [Advisory] - SolarWinds SERV-U

Claudio Contin found that CSRF tokens are not implemented in the file upload functionality of the Secure File Transfer web client. Solarwinds provided an advisory and resolution for this issue here .

 

01 May 2018 – [Advisory] - Multiple issues in WatchGuard Access Points

Stephen Shkardoon recently found multiple issues in WatchGuard Access Points which result in remote code execution. ZX Security has created an advisory for these issues.

 

30 July 2017 – [Tool] - NEMAsnitch

NMEAsnitch works to detect malicious NMEA serial data. This tool was first presented at Defcon 25.

 

18 March 2017 – [Tool] - NEMAdeysnc

While tardgps worked by changing time by manipulating GPS signals, NMEAdesync manipulates time through the NMEA serial data sent between the GPS receiver and the NTP device. This tool was first presented at BSidesCBR.

 

21 November 2016 – [Tool] - tardgps

Dave Robinson has continued his work into GPS Spoofing and its implications. Dave has developed a tool call tardgps which allows an attacker to change the time on a GPS-enabled NTP server without crashing the NTP daemon. This time manipulation was first presented at Kiwicon X in Wellington.

 

07 July 2016 – [Tool] - Steamer

Import, manage, search public dumps. Do you have massive amounts of CSV, .sql, .txt, that have credentials, passwords, and hashes inside? Use Steamer to manage them! Load them into a MongoDB database, and either use the console directly or just use the handy web interface (complete with JSON export).

 

07 July 2016 – [Tool] - GPS Snitch

Dave Robinson’s work on GPS spoofing has led to the development of a tool called gpsnitch which is designed to identify such attacks. Dave’s original research into this topic was presented in Melbourne at Unrestcon.

 

Contact Us

Level 1, 48 Willis Street,
Wellington

contact@zxsecurity.co.nz