Moritz Abrell

Finally published the blog post about abusing @Zoom for remote attacks on endponits: blog.syss.com/posts/zero-tou… It was fun to present this at @BlackHatEvents

I am currently working on version 2 of the PicoGlitcher (mkesenheimer.github.io/blog/pico-glit…) to perform #FaultInjection and #VoltageGlitching. Here is a teaser what it can achieve. Version 2 is capable of basic pulse-shaping.

AudioCodes desk phones and Zoom's Zero Touch Provisioning (ZTP) vulnerabilities exposed! Eavesdrop, infiltrate networks, or even forge botnets. Read how vulnerabilities are exploited: thehackernews.com/2023/08/zoom-z… #cybersecurity #hacking #informationsecurity

Introduction to Voltage Glitching (STM32L051 microcontroller) blog.syss.com/posts/voltage-… Credits @BartimaeusvUruk #hardware #infosec

Today we published the blog post about the BLE analysis of a COROS PACE3 sports watch: blog.syss.com/posts/bluetoot… #CVE #Vulnerability #BLE #COROS

Check out the discovery and analysis of CVE-2025-33073 by my colleagues. A vulnerability with real-world impact. blog.syss.com/posts/kerberos…

Today, my new blog article titled "Voltage Glitching with the Pico Glitcher and Findus" was published. You can find it on the SySS Tech Blog: blog.syss.com/posts/voltage-…

Check out our today published CVEs on @AudioCodes Session Border Controller and One Voice Operation Center. Unauthenticated path traversal, hard-coded keys and unauthenticated persistent XSS. syss.de/pentest-blog/m… CVE-2024-52883 CVE-2024-52882 CVE-2024-52884 CVE-2024-52881

Today, I've published the security advisory SYSS-2024-085 (CVE-2024-38499) concerning a security vulnerability in the desktop and server management software CA Client Automation by @broadcom. You can find further informationen in the SySS Pentest blog: syss.de/pentest-blog/s…

Today, SySS published several security vulnerabilities concerning the SICK products InspectorP61x, InspectorP62x, and TiM3xx. These issues were found by my colleagues Manuel Stotz and Tobias Jäger. You can find further information in the SySS blog: syss.de/pentest-blog/k…

The talks are uploaded, thanks @defcon . Check out my talk about hacking the Ewon Cosy+ youtu.be/fc6c2hP86Wk?si…

Security analysis of a VoIP deskphone firmware blog.syss.com/posts/voip-des… Credits Moritz Abrell #infosec #embedded

Thanks to all joining my talk @defcon. Find all the details about the research in our blog: blog.syss.com/posts/hacking-…

Not mind blowing, but it was a fun RE project☺️ #ALE #RE #CVE #Hacking blog.syss.com/posts/voip-des…

This is going to be great! Join the session on Sunday at @defcon and see how we hacked a secure industrial remote access solution. #exploitation #DC32 defcon.org/html/defcon-32…

The third hot summer in a row. Looking forward to seeing you at DEFCON32. @defcon #DEFCON32

Today, my colleagues Tobias Jäger und Manuel Stotz published a @saleae Logic 2 extension for the secure element Microchip ATECC508A. You can find it in our SySS GitHub Repository: github.com/SySS-Research/…

No Hat 2023 was a blast 🚀 With 4 tracks & over 800 attendees, it became our largest edition yet! 🔥 While gearing up for No Hat 2024 - find yourself in our 2023 wrap up! youtu.be/Iz_2dY2aEAQ?si… #nohat2023 #computer #security #conference