Archive

Browse all posts by month and year.

February 2024

• Stalker Issue

February 2022

• Photographers WannCry (2017)

September 2021

• Mistuned Part 3: PAC Bypass

August 2021

• Mistuned Part 2: Butterfly Effect
• Mistuned Part 1: Client-side XSS to Calculator and More

June 2021

• Quick Analysis for the SSID Format String Bug

January 2021

• See No Eval: Runtime Dynamic Code Execution in Objective-C

August 2020

• X Site eScape (Part II): Look Up a Shell in the Dictionary

July 2020

• X Site eScape (Part III): CVE-2020-9860, A Copycat

May 2020

• X Site eScape (Part I): Exploitation of An Old CoreFoundation Sandbox Bug
• Revisiting An Old MediaRemote Bug (CVE-2018-4340)

November 2019

• Two macOS Persistence Tricks Abusing Plugins

April 2019

• Rootpipe Reborn (Part II): CVE-2019-8565 Feedback Assistant Race Condition
• Rootpipe Reborn (Part I): TimeMachine Command Injection

March 2019

• One-liner Safari Sandbox Escape Exploit

August 2018

• CVE-2018-8412: MS Office 2016 for Mac Privilege Escalation via a Legacy Package
• CVE-2018-4991: Adobe Creative Cloud Desktop Local Privilege Escalation via Signature Bypass
• Something About #realworldctf doc2own

June 2018

• Bypass macOS Rootless by Sandboxing

March 2018

• Visual Studio Code silently Fixed a Remote Code Execution Vulnerability

January 2016

• Bypass PHP Safe Mode by Abusing SQLite3's FTS Tokenizer