Tweetovi

Blokirali ste korisnika/cu @i41nbeer

Jeste li sigurni da želite vidjeti te tweetove? Time nećete deblokirati korisnika/cu @i41nbeer

  1. 29. kol 2019.

    We’ll look at how the attackers modify their exploitation techniques over time to defeat new mitigations, and investigate the capabilities of the attacker’s implant to access personal information on the exploited devices.

    Prikaži ovu nit
    Poništi
  2. 29. kol 2019.

    It covers every vulnerability in detail, including root cause analysis, what steps could have been taken to prevent the bugs, and what steps should be taken to ensure they don’t happen again.

    Prikaži ovu nit
    Poništi
  3. 29. kol 2019.

    thanks to , for their joint work on this. This has been a huge effort to pull apart and document almost every byte of a multi-year in-the-wild exploitation campaign, which used 14 different iOS exploits.

    Prikaži ovu nit
    Poništi
  4. 27. pro 2018.

    hello

    Poništi
  5. 18. lis 2018.

    A blog post about turning back the clock to 2014, and thinking about what 2022 might be like:

    Poništi
  6. 19. ruj 2018.

    And if you're using the mptcp/vfs exploits for security research (eg with Electra 11.3.1) you should just keep using that. I'll release the 11.4.1 exploits I have but the focus will shift to iOS 12 now :)

    Prikaži ovu nit
    Poništi
  7. 19. ruj 2018.

    The iOS 12 security bulletin seems to only include iOS-only bugs this time (as opposed to those which affect iOS *and* MacOS.) There are far more fixes in iOS 12 than are mentioned, including a nasty logic bug to break you out of the app sandbox. Update your personal devices!

    Prikaži ovu nit
    Poništi
  8. 9. kol 2018.

    Here are the slide from my talk yesterday: Please expand the speaker notes if you read it!

    Prikaži ovu nit
    Poništi
  9. 8. kol 2018.

    I'd love to get a chance to sit down with you and discuss how together we can make iOS even more secure for all our users. Cheers, Ian Beer.

    Prikaži ovu nit
    Poništi
  10. 8. kol 2018.

    Hi , I've been working for years to help make iOS more secure. Here's a list of all the bugs I reported which qualified for your bug bounty since its launch, could you invite me to the program so we can donate this money to ?

    Prikaži ovu nit
    Poništi
  11. 24. srp 2018.

    Please read README_KDP before trying to use this. There are many limitations, but I have found it useful for vulnerability research nevertheless.

    Prikaži ovu nit
    Poništi
  12. 24. srp 2018.

    Here's an updated version of async_wake with a more usable KDP-based kernel debugger:

    Prikaži ovu nit
    Poništi
  13. 29. lip 2018.
    Poništi
  14. 17. lip 2018.

    Fixing that in combination with enabling 20 spinner threads seems to show reliability closer to 50% in some very unscientific testing, but I'm sure there are still plenty of bugs. 's writeup had plenty more good ideas for improving reliability.

    Prikaži ovu nit
    Poništi
  15. 17. lip 2018.

    credit to for spotting a bug in empty_list: on devices with 16k pages there are 0x61 ipc_port allocations per zone refill (not sure where 0xe0 came from...); so it should look like this: int ports_per_zcram = kernel_page_size == 0x1000 ? 0x49 : 0x61;

    Prikaži ovu nit
    Poništi
  16. 13. lip 2018.

    empty_list, a proof-of-concept exploit for the getvolattrlist iOS 11.3.1 kernel bug: Please read the README.

    Poništi
  17. 8. lip 2018.
    Poništi
  18. 5. lip 2018.

    (footnote: for the vfs bug technically you can control a handful of bits in the 8 overflow bytes, the overflow value is actually two 4 byte flag fields. This may or may not help.)

    Prikaži ovu nit
    Poništi
  19. 5. lip 2018.

    Finally: always keep your personal iOS devices up to date and only use these tools on devices which don't have any personal information and are only used for research.

    Prikaži ovu nit
    Poništi
  20. 5. lip 2018.

    The trigger is here: If you're in to iOS exploit dev take a go at it and blog about it! I'll publish what I have soon, hopefully this week.

    Prikaži ovu nit
    Poništi

Čini se da učitavanje traje već neko vrijeme.

Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.

    Možda bi vam se svidjelo i ovo:

    ·