Tweets
- Tweets, current page.
- Tweets & replies
- Media
You blocked @benhawkes
Are you sure you want to view these Tweets? Viewing Tweets won't unblock @benhawkes
-
Ben Hawkes Retweeted
Just published a follow-up to my Adobe Reader symbols story on the Project Zero blog. Turns out there's even more debug metadata to be found in some old (and new) builds, including private CoolType symbols. Enjoy! https://googleprojectzero.blogspot.com/2020/01/part-ii-returning-to-adobe-reader.html …
Thanks. Twitter will use this to make your timeline better. UndoUndo -
Quick reminder that we're still updating the "0day detected in-the-wild" spreadsheet here: https://googleprojectzero.blogspot.com/p/0day.html . The first entry for 2020 is now in the books -- CVE-2019-17026 is a type confusion issue in the JIT engine for Firefox, detected in active attacks by Qihoo 360 ATA.
Thanks. Twitter will use this to make your timeline better. UndoUndo -
Project Zero blog: "Remote iPhone Exploitation Part 3: From Memory Corruption to JavaScript and Back -- Gaining Code Execution" by Samuel Groß (
@5aelo) -- https://googleprojectzero.blogspot.com/2020/01/remote-iphone-exploitation-part-3.html …Thanks. Twitter will use this to make your timeline better. UndoUndo -
Project Zero blog: "Remote iPhone Exploitation Part 2: Bringing Light into the Darkness -- a Remote ASLR Bypass" by Samuel Groß (
@5aelo) -- https://googleprojectzero.blogspot.com/2020/01/remote-iphone-exploitation-part-2.html …Thanks. Twitter will use this to make your timeline better. UndoUndo -
Ben Hawkes Retweeted
I'm very excited to share my blogpost series (including PoC code) about a remote, interactionless iPhone exploit over iMessage: https://googleprojectzero.blogspot.com/2020/01/remote-iphone-exploitation-part-1.html …
Show this threadThanks. Twitter will use this to make your timeline better. UndoUndo -
Project Zero blog: "Remote iPhone Exploitation Part 1: Poking Memory via iMessage and CVE-2019-8641" by Samuel Groß (
@5aelo) -- https://googleprojectzero.blogspot.com/2020/01/remote-iphone-exploitation-part-1.html …Thanks. Twitter will use this to make your timeline better. UndoUndo -
Ben Hawkes Retweeted
Kudos to the GPZ team for their willingness to explore new vulnerability disclosure policies in addition to doing great research :) At the risk of wading into a disclosure debate (plz no), I think these policy changes will help improve customer safetyhttps://twitter.com/itswillis/status/1214595438113886209 …
Thanks. Twitter will use this to make your timeline better. UndoUndo -
Ben Hawkes Retweeted
At Google Project Zero, the team spends a *lot* of time discussing and evaluating vulnerability disclosure policies and their consequences. It's a complex and controversial topic! Here's P0's policy changes for 2020 (with our rationale for the changes): https://googleprojectzero.blogspot.com/2020/01/policy-and-disclosure-2020-edition.html …
Thanks. Twitter will use this to make your timeline better. UndoUndo -
Project Zero Policy and Disclosure: 2020 Edition -- https://googleprojectzero.blogspot.com/2020/01/policy-and-disclosure-2020-edition.html …
Thanks. Twitter will use this to make your timeline better. UndoUndo -
Ben Hawkes Retweeted
New blog post outlining how to use my .NET RPC Client tooling from PowerShell and C# to test and exploit local RPC security vulnerabilities. Also an early xmas present for those who enjoy long standing design flaws in UAC :-) https://googleprojectzero.blogspot.com/2019/12/calling-local-windows-rpc-servers-from.html …
Thanks. Twitter will use this to make your timeline better. UndoUndo -
New guidance on Linux-stable Merges for Android: https://source.android.com/devices/architecture/kernel/linux-stable-merges … -- looks positive, reducing the patch gap for upstream kernel security bugs is really important. The window of exposure for publicly known issues is too long at the moment.
Thanks. Twitter will use this to make your timeline better. UndoUndo -
Ben Hawkes Retweeted
I'm really excited about this video. It has been in the making for a long time. It's a video with
@NedWilliamson about his SockPuppet vulnerability in the XNU (iOS/Mac) Kernel and was used for jailbreaking. Haxember #10 https://www.youtube.com/watch?v=YV3jewkUJ54 …pic.twitter.com/c2jbwDUVrx
Show this threadThanks. Twitter will use this to make your timeline better. UndoUndo -
Ben Hawkes Retweeted
Learn how found and exploited SockPuppet for iOS 12.4, featuring a bonus collaboration with LiveOverflow! https://googleprojectzero.blogspot.com/2019/12/sockpuppet-walkthrough-of-kernel.html …https://www.youtube.com/watch?v=YV3jewkUJ54 …
Thanks. Twitter will use this to make your timeline better. UndoUndo -
Project Zero blog: "SockPuppet: A Walkthrough of a Kernel Exploit for iOS 12.4" by Ned Williamson (
@NedWilliamson) -- https://googleprojectzero.blogspot.com/2019/12/sockpuppet-walkthrough-of-kernel.html …Thanks. Twitter will use this to make your timeline better. UndoUndo -
Ben Hawkes Retweeted
Blog post about the work Google's Threat Analysis Group (TAG) does. Targeted phishing stats, Sandworm campaign details and disinfo campaign takedowns. We plan to do more of these. https://blog.google/technology/safety-security/threat-analysis-group/protecting-users-government-backed-hacking-and-disinformation/ …
@t_gidwani@billyleonardThanks. Twitter will use this to make your timeline better. UndoUndo -
Ben Hawkes Retweeted
Blog post on CVE-2019-2215, the Android binder bug that was exploited in-the-wild and affected most Android devices manufactured prior to Fall 2018. https://googleprojectzero.blogspot.com/2019/11/bad-binder-android-in-wild-exploit.html …
Thanks. Twitter will use this to make your timeline better. UndoUndo -
Project Zero blog: "Bad Binder: Android In-The-Wild Exploit" by Maddie Stone (
@maddiestone) - https://googleprojectzero.blogspot.com/2019/11/bad-binder-android-in-wild-exploit.html …Thanks. Twitter will use this to make your timeline better. UndoUndo -
Ben Hawkes Retweeted
KTRW was motivated by the desire to see better and more open tooling for security research on iPhones. Read about the journey to find the KTRR bypass: https://googleprojectzero.blogspot.com/2019/10/ktrw-journey-to-build-debuggable-iphone.html …
Show this threadThanks. Twitter will use this to make your timeline better. UndoUndo -
Ben Hawkes Retweeted
I built an iOS kernel debugger called KTRW based on a KTRR bypass for the iPhone X. It is capable of patching kernel __TEXT_EXEC, loading kernel extensions, and performing single-step kernel debugging with LLDB and IDA Pro over USB:https://github.com/googleprojectzero/ktrw …
Show this threadThanks. Twitter will use this to make your timeline better. UndoUndo -
Ben Hawkes Retweeted
In multiple recent disclosure discussions on Twitter, I had said I will write a longer blog post about my views. I finally found the time to jot them down. I expect almost every reader to disagree with something vehemently. Enjoy "Disclosure Rashomon": http://addxorrol.blogspot.com/2019/08/rashomon-of-disclosure.html …
Thanks. Twitter will use this to make your timeline better. UndoUndo
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.