Tweets

You blocked @NedWilliamson


  1. Pinned Tweet
    Apr 7
  2. May 27

    I finally got some time today to go for a bug on VirtualBox. Screen recorded for about 4 hours and went from basic fuzzer setup to legit looking bug in that time! Likely OOB write in [redacted] using my hybrid fuzz/audit approach. If exploitable I'll report it and prep the video.

  3. May 20

    Also, it is interesting to note that these testcases were generated completely automatically by libprotobuf-mutator based fuzzing. I only specified how to call a (small) subset of kernel syscalls related to networking so far, and it explored to find these cases for me.

  4. May 20

    Here's the bug. Not entirely clear if this is powerful enough alone for tfp0, but I'm continuing to investigate and look for new bugs.

  5. May 16

    When I reported CVE-2019-8605 I could only repro it on macOS with root user. I've found a way to reach it from the app sandbox on iOS. Don't update to 12.3 needlessly while I continue to investigate!

  6. May 13

    Two more XNU iOS net stack bugs fixed in iOS 12.3. Write-ups/PoC coming next week. No tfp0 from these afaict.

  7. May 8

    Woohoo! Let's see more IPC-based full chains in 2019! your turn

  8. Apr 30

    BTW, I'm still continuing with the VirtualBox video after resounding feedback that this is something people want. To be transparent I'm switching the build system to CMake to make it easier to hack on the code; it's time consuming and "boring" but it *is* part of the process.

  9. Apr 30

    Awesome to see a full chain exploit using IPC patched in Chrome today! It just goes to show that IPC is the weak link again after the win32k lockdown left exploit developers in a daze!

  10. Apr 27

    Really rethinking screen recording this bug hunting work. I can already tell how boring this is gonna be narrating after the fact! I'll probably just blog this one. Either way I have a good 10 hours or so of looking dumb just to prove there's no magic involved (for me). ;)

  11. Retweeted
    Apr 23

    Interesting scam: Post fake exploit videos on Twitter to gain reputation, then offer paid trainings and disappear

  12. Apr 17

    The real reason to do bug hunting is to give you motivation to learn boring stuff. When was the last time you read an IPv6 for BSD reference manual with desperate enthusiasm? What if it meant you could hack the iPhone? XD

  13. Apr 16

    Going to take a look at SVGA next, the default graphics device for Windows 10 for VirtualBox. Thanks again to for helpful pointers on target selection!

  14. Apr 15

    Bye Reggie 👋 💙 really wonder if you ever used soundhax :)

  15. Apr 12

    Just confirmed with that 3d accel in VirtualBox is really, really bad. It's so bad it's not even really informative to demo so I'll continue with some default config attack surface. Lolz

  16. Apr 11

    This is just like PF_KEY all over again

  17. Apr 11

    Might have a bug already if I'm not crazy... I just have no idea how this code is supposed to be working xD

  18. Retweeted
    Apr 8

    Call for One Page Articles for the 1st issue of Paged Out! zine! (it's a new free experimental deeply technical zine we're starting; it's about programming/security/hacking/demoscene/retro/electronics/etc) Details: Story: Please RT :)

  19. Apr 1

    Blog hosting platform suggestions? Gonna post some thoughts about the first target(s) for bug hunting.

  20. Mar 28

    I've been planning for a long time to make a video of finding a 0day "live" ( style). I'll have to report any bug I find before posting the video, so it'll be some time. Anyone have any suggested targets? It's probably best if it's something I haven't seen before.
