In the following post I go through how to escape from a truly air gapped network using Apple Wireless Direct Link -network and leveraging information leakage privacy issue in Apple devices. Issue was fixed by Apple on 24th of April 2021 with iOS 14.5, iPadOS 14.5, watchOS 7.4 …

Zero-Click Zip TL;DR I found a zero click vulnerability in Apple Mail, which allowed me to add or modify any arbitrary file inside Mail’s sandbox environment. This could lead to many bad things including unauthorized disclosure of sensitive information to a third party. An attacker can modify victim’s Mail configuration including mail redirects…

Plot twist: this time it is not about us doing vulnerability research and reporting. This is a story about our customer in action, told to us by their CISO with a promise to share it anonymously. When there is a failure in network isolation — a leak — it gets…

I recently found a surprising leak vector in Windows 10 installations. We were porting our Beacon Application to Windows and for easy deployment. The plan was to create just one .exe including everything. However we found out that End Point Protection (EPP) solutions didn’t like that at all and we…

When you need to build isolated and strictly restricted Linux environments for special purposes you want to know it truly is and stays isolated. Typically isolation is done with strict firewall rules, VLAN segregation or even with air gaps. But the common question remains. …

We recently implemented a network escape to SensorFu Beacon that uses Ethernet broadcasts. Why? First of all you can test all the hosts in the LAN (Local Area Network) with one packet. Second, with broadcast frames, all the devices in the LAN think the frame is for them. Once we…