Abusing tclsh to Load (Remote) Shellcode on macOS
Yet another LOOBins
Abusing tclsh to Load (Remote) Shellcode on macOS
Yet another LOOBins
Mistuned Part 3: PAC Bypass
Bypass hardware assisted mitigation using Objective-C runtime.
Mistuned Part 3: PAC Bypass
Bypass hardware assisted mitigation using Objective-C runtime.
Mistuned Part 2: Butterfly Effect
A simple access control issue makes a huge difference, leading to infoleak and use after free.
Mistuned Part 2: Butterfly Effect
A simple access control issue makes a huge difference, leading to infoleak and use after free.
Mistuned Part 1: Client-side XSS to Calculator and More
Remotely pwn iOS and pop up arbitrary app with 0 memory corruption.
Mistuned Part 1: Client-side XSS to Calculator and More
Remotely pwn iOS and pop up arbitrary app with 0 memory corruption.
Quick Analysis for the SSID Format String Bug
A rogue Wi-Fi hotspot can crash your phone.
Quick Analysis for the SSID Format String Bug
A rogue Wi-Fi hotspot can crash your phone.
See No Eval: Runtime Dynamic Code Execution in Objective-C
There is a turing-complete querying language embeded in Objective-C hidden in plain sight.
See No Eval: Runtime Dynamic Code Execution in Objective-C
There is a turing-complete querying language embeded in Objective-C hidden in plain sight.