Analysis of the “lib__mdma.so.1” userland rootkit

Note to the reader: This blogpost was written “as it happened”, so it may jump around the place a bit. I’ll try clean it up somewhat before I hit publish, but I probably won’t have time to do much serious editing. Also, there is some value in showing the process, I guess. Or maybe that …

Continue reading “Analysis of the “lib__mdma.so.1” userland rootkit”

Zimbra “nginx” Local Root Exploit

Recently I decided to have a look at the somewhat popular email and collaboration platform, Zimbra, with the idea to go find some bugs in it. I’m simply dropping these as full disclosure, because the Zimbra “disclosure policy” prohibits publication of exploit code, which is something I find incredibly disagreeable. I also find that “responsible” …

Continue reading “Zimbra “nginx” Local Root Exploit”