Niklas B

@_niklasb

0x10 engineer faking objects

Germany
Joined December 2016

Tweets


  1. Pinned Tweet
    May 26

    I wrote a thing about my macOS sandbox escape & LPE from Pwn2Own

  2. 19 hours ago

    how does it feel to drop 0d on Apple? You have good lawyers?

  3. 23 hours ago

    I just tested the jailbreak and it worked first try by the way

  4. 23 hours ago

    This is really bad for end users, combined with a webkit 1day (to be found in git repo), a full chain could have been built just with readily available bugs for almost a month now

  5. 24 hours ago

    🤦‍♀️ apparently Apple undid a patch for 's bug in 12.4?

  6. Retweeted
    Aug 17

    In multiple recent disclosure discussions on Twitter, I had said I will write a longer blog post about my views. I finally found the time to jot them down. I expect almost every reader to disagree with something vehemently. Enjoy "Disclosure Rashomon":

  7. Retweeted
    Aug 14

    My stance on this: the increased Apple bounty *will* make more researchers report bugs rather than selling them. It will also drive the price for these bugs higher on the offensive market, but isn’t that the goal?

  8. Retweeted
    Jul 29

    Today, and I unrestricted five bugs in iMessage! Here are some highlights:

  9. Jul 26
  10. Retweeted
    Jul 25

    May I briefly ask for your attention. At least if you a) can't stand food waste, or b) are in a life situation with only little money to live on.

  11. Jul 25

    The new quickJS release already fixed some of the issues we found, pretty neat, maybe this will be the first reasonably safe JS engine? :) In the meantime here's a new UAF for your pwning pleasure: (() => { var pwn = {}; pwn.valueOf = () => pwn = 0; pwn++; })();

  12. Retweeted
    Jul 14

    Results for the quickJS 0day challenge are out! Enjoy fresh ascii art, 0day and exploit techniques with curl | less

  13. Jul 14

    did I hear 10x tennis player?

  14. Retweeted
    Replying to

    12. A 10x engineer is usually levitating, and farting out 1's and 0's as they whiteboard a proof that P=NP. They stopped sleeping before they were born. They are usually typing on two keyboards simultaneously.

  15. Jul 13

    If somebody has a way to do proper copy & paste in tmux that would already be a big step forward :>

  16. Jul 13

    WSL 2 is neat. Once Windows Terminal gets proper panes and clipboard support I might actually be able to use Windows to get work done

  17. Retweeted
    Jul 11

    My iOS 12.2 exploit is now available! Thanks again to Brandon for his help in getting through the Mach trenches from BSD.

  18. Retweeted
    Jul 11

    I wrote a thing about a Chakra RCE for which the JIT trigger is tweetable :) function opt(o) { o.pwn = o.a; }

  19. Retweeted
    Jul 9

    Exploitation was a bit tricky because I had to upload the malicious language pack to To bypass the manual review I turned RCE into UXSS to log into my own account on AMO and be able to access an unlisted LP (which only undergoes some automated tests)

  20. Jul 9

    Exploitation was a bit tricky because I had to upload the malicious language pack to To bypass the manual review I turned RCE into UXSS to log into my own account on AMO and be able to access an unlisted LP (which only undergoes some automated tests)

  21. Jul 9

    I reported some more sandbox issues, will probably write a blog post about this whole attack surface once everything is fixed

