Niklas B

@_niklasb

0x10 engineer faking objects

Germany
phoenhex.re
Joined December 2016
51 Photos and videos Photos and videos

Tweets

You blocked @_niklasb

Are you sure you want to view these Tweets? Viewing Tweets won't unblock @_niklasb

  1. Pinned Tweet
    May 26

    I wrote a thing about my macOS sandbox escape & LPE from Pwn2Own

    5 replies 260 retweets 563 likes
    Show this thread
    Show this thread
    Undo
  2. 19 hours ago

    how does it feel to drop 0d on Apple? You have good lawyers?

    3 replies 1 retweet 29 likes
    Show this thread
    Show this thread
    Undo
  3. 23 hours ago

    I just tested the jailbreak and it worked first try by the way

    24 likes
    Show this thread
    Show this thread
    Undo
  4. 23 hours ago

    This is really bad for end users, combined with a webkit 1day (to be found in git repo), a full chain could have been built just with readily available bugs for almost a month now

    3 replies 7 retweets 29 likes
    Show this thread
    Show this thread
    Undo
  5. 24 hours ago

    🤦‍♀️ apparently Apple undid a patch for 's bug in 12.4?

    unc0ver v3.5.0 is NOW OUT with iOS 12.4 support for A7-A11 devices (Latest and signed firmware)! GitHub releases: Reddit post:
    11 replies 55 retweets 213 likes
    Show this thread
    Show this thread
    Undo
  6. Retweeted
    Aug 17

    In multiple recent disclosure discussions on Twitter, I had said I will write a longer blog post about my views. I finally found the time to jot them down. I expect almost every reader to disagree with something vehemently. Enjoy "Disclosure Rashomon":

    33 replies 375 retweets 695 likes
    Undo
  7. Retweeted
    Aug 14

    My stance on this: the increased Apple bounty *will* make more researchers report bugs rather than selling them. It will also drive the price for these bugs higher on the offensive market, but isn’t that the goal?

    8 replies 7 retweets 96 likes
    Show this thread
    Show this thread
    Undo
  8. Retweeted
    Jul 29

    Today, and I unrestricted five bugs in iMessage! Here are some highlights:

    17 replies 307 retweets 827 likes
    Show this thread
    Show this thread
    Undo
  9. Jul 26

    German internet

    2 replies 1 retweet 20 likes
    Undo
  10. Retweeted
    Jul 25

    Darf ich kurz um eure Aufmerksamkeit bitten. Zumindest dann, wenn ihr a) Lebensmittelverschwendung nicht ab könnt, oder b) in einer Lebenssituation mit nur wenig Geld zum Leben seid.

    3 replies 24 retweets 34 likes
    Show this thread
    Show this thread
    Undo
  11. Jul 25

    The new quickJS release already fixed some of the issue we found, pretty neat, maybe this will be the first reasonably safe JS engine? :) In the meantime here's a new UAF for your pwning pleasure: (() => { var pwn = {}; pwn.valueOf = () => pwn = 0; pwn++; })();

    2 replies 11 retweets 131 likes
    Undo
  12. Retweeted
    Jul 14

    Results for the quickJS 0day challenge are out! Enjoy fresh ascii art, 0day and exploit techniques with curl | less

    10 replies 48 retweets 187 likes
    Show this thread
    Show this thread
    Undo
  13. Jul 14

    did I hear 10x tennis player?

    1 reply 1 retweet 8 likes
    Undo
  14. Retweeted
    Jul 12
    Replying to

    12. A 10x engineer is usually levitating, and farting out 1's and 0's as they whiteboard a proof that P=NP. They stopped sleeping before they were born. They are usually typing on two keyboards simultaneously.

    35 replies 512 retweets 5,809 likes
    Undo
  15. Jul 13

    If somebody has a way to do proper copy & paste in tmux that would already be a big step forward :>

    3 replies 7 likes
    Show this thread
    Show this thread
    Undo
  16. Jul 13

    WSL 2 is neat. Once Windows Terminal gets proper panes and clipboard support I might actually be able to use Windows to get work done

    2 replies 21 likes
    Show this thread
    Show this thread
    Undo
  17. Retweeted
    Jul 11

    My iOS 12.2 exploit is now available! Thanks again to Brandon for his help in getting through the Mach trenches from BSD.

    112 replies 335 retweets 1,265 likes
    Undo
  18. Retweeted
    Jul 11

    I wrote a thing about a Chakra RCE for which the JIT trigger is tweetable :) function opt(o) { o.pwn = o.a; }

    119 retweets 279 likes
    Undo
  19. Retweeted
    Jul 9

    Exploitation was a bit tricky because I had to upload the malicious language pack to To bypass the manual review I turned RCE into UXSS to log into my own account on AMO and be able to access an unlisted LP (which only undergoes some automated tests)

    3 replies 1 retweet 40 likes
    Show this thread
    Show this thread
    Undo
  20. Jul 9

    Exploitation was a bit tricky because I had to upload the malicious language pack to To bypass the manual review I turned RCE into UXSS to log into my own account on AMO and be able to access an unlisted LP (which only undergoes some automated tests)

    3 replies 1 retweet 40 likes
    Show this thread
    Show this thread
    Undo
  21. Jul 9

    I reported some more sandbox issues, will probably write a blog post about this whole attack surface once everything is fixed

    1 reply 1 retweet 19 likes
    Show this thread
    Show this thread
    Undo

@_niklasb hasn't Tweeted yet.

Loading seems to be taking a while.

Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.

    You may also like

    ·