Microsoft found a vulnerability (CVE-2021-30892) that could allow an attacker to bypass System Integrity Protection (SIP) in macOS. We shared our findings with Apple via coordinated vulnerability disclosure, and a fix was released October 26.

Detection Lab is a collection of Packer and Vagrant scripts that allow you to quickly bring a Windows Active Directory online, complete…

Move CS beacon to GPU memory when sleeping. Contribute to oXis/GPUSleep development by creating an account on GitHub.

To protect our users, TAG routinely hunts for 0-day vulnerabilities exploited in-the-wild. In late August 2021, TAG discovered watering hole attacks targeting visitors t…

A step by step approach to reverse engineer Hyper-V and have a low level insight into Virtual Trust Levels.

During the last two weeks of my summer (as of writing, summer 2021), I decided to try and take a crack at iOS 14 kernel exploitation with the IOMobileFramebuffer OOB pointer read (CVE-2021-30807). Unfortunately, a couple days after I moved back into school…

During my summer internship, I had the wonderful opportunity to work on the Manticore User Interface (MUI). The MUI project aims to combine the strength of both Manticore, a powerful symbolic execution library, and Binary Ninja, a popular binary analysis…

USENIX Security '21 - SyzVegas: Beating Kernel Fuzzing Odds with Reinforcement Learning

Daimeng Wang, Zheng Zhang, Hang Zhang, Zhiyun Qian, Srikanth V. Krishnamurthy, and Nael Abu-Ghazaleh, University of California, Riverside

Fuzzing embeds a large number…

Shellcode injection technique. Given as C++ header, standalone Rust program or library. - Idov31/FunctionStomping

$100,500 Apple Bug Bounty for hacking the webcam via a Safari Universal Cross-Site Scripting (UXSS) bug. CVE-2021-30861, CVE-2021-30975

Cuckoo and CAPE sandbox evasion in one legitimate Windows API function call? It is possible due to issues we found in Cuckoo and CAPE monitor.

OffensiveCon2022: Case Studies of Fuzzing with Xen - Download as a PDF or view online for free

Introduction On the 7th of February, Microsoft announced an impending change to its ubiquitous suite of Office apps. In Microsoft’s own words: “VBA macros obtained from the internet will now be blocked by default”. The change is expected to begin rolling…

FitM, the Fuzzer in the Middle, can fuzz client and server binaries at the same time using userspace snapshot-fuzzing and network emulation. It's fast and comparably easy to set up. - fgsect/FitM