JavaScript is not available.

Jan 3

*better error handling, fix for older SDK* #libimobiledevice stack build script for macOS v1.0.10 mkdir -p limd-build; cd limd-build; curl -o ./limd-build-macos.sh -L is.gd/LlCh2k ; bash ./limd-build-macos.sh Become a patron if you like it: patreon.com/nikias 🙏

Jun 7

How about just using idevicerestore?

Quote Tweet

@pwnsdx

Jun 6

How to install iOS 17 without developer account (if you really want it): 1) Install macOS Sonoma via InstallAssistant.pkg 2) Disable Lockdown mode on it and make sure allow accessories to connect is on Always 3) Download correct IPSW for your device from developer.apple.com

Show this thread

Gianluca Braga

@Matrix86_

Jun 6

We have an open position as Malware Analyst! If you are interested send me your CV

Jun 7

Looks like Apple deprecated developer disk images. Now debugserver is already shipped with the system in /usr/libexec/debugserver

Thanks to the support of Beacon Red, we are adding a FREE TO ATTEND track of 30 and 60 minute talks alongside 120 minute labs that take place in conjunction with the main HITB conference happening in...

HITBSecConf

@HITBSecConf

Jun 5

The Call for Papers for #HITB2023HKT CommSec Track (sponsored by Beacon Red) is now open! cfp.hackinthebox.org/events/hitb202 Deadline to submit: 31st July 2023 @ 23:59 (GMT +7)

cfp.hackinthebox.org

HITBCommSec Track

Blog - What if we had the SockPuppet vulnerability in iOS 16? - Apple Security Research

Ivan Krstić

@radian

May 23

🔺New on the Apple Security Research blog: we pit our hardened kalloc_type XNU allocator against SockPuppet, a powerful vulnerability from the past:

security.apple.com

The next post in our XNU memory safety series examines how our hardened kernel allocator performs in the real world against a previously patched but powerful UAF software vulnerability. In this...

245

Discord - A New Way to Chat with Friends & Communities

Today our book with

is out packt.link/Eduardo - here is the discord discord.gg/4G94YpuR. Aaaaand we are going to make a trivia for some t-shirts! Time and channel are undisclosed. Stay tuned!

discord.com

Discord is the easiest way to communicate over voice, video, and text. Chat, hang out, and stay close with your friends and communities.

Show this thread

Discord - A New Way to Chat with Friends & Communities

and myself have open the cages for #fuzzATM Discord discord.gg/hPGuxtNR don't be shy, introduce yourself and say hello!

discord.com

Discord is the easiest way to communicate over voice, video, and text. Chat, hang out, and stay close with your friends and communities.

Also Kudos to:

Without their projects and help this book wouldn't be possible.

Oh wow

Quote Tweet

Corellium

@CorelliumHQ

May 8

We are pleased to announce that the U.S. Court of Appeals has further upheld the initial court’s ruling of copyright fair use in Corellium’s favor. This is a big win for the security community and technology innovators. news.bloomberglaw.com/ip-law/apple-f

Ashley M. Gjøvik

@ashleygjovik

May 8

Remember how Apple wanted to buy Corellium, and even offered $23M, but Corellium tried to negotiate more, so instead Apple just sued Corellium and tried to destroy the company? But Corellium was like f that & fought back... Apple officially lost their retaliatory lawsuit today.

Quote Tweet

Reuters Legal

@ReutersLegal

May 8

Apple failed to convince a US appeals court that security startup Corellium infringed its copyrights by simulating its iOS operating system to help researchers find security flaws in Apple devices reut.rs/3HRJaz0

160

757

spot the mistake

Mysk

@mysk_co

Apr 26

Google has just updated its 2FA Authenticator app and added a much-needed feature: the ability to sync secrets across devices. TL;DR: Don't turn it on. The new update allows users to sign in with their Google Account and sync 2FA secrets across their iOS and Android devices.… Show more

110

1,458

2,784

daniel:// stenberg://

@bagder

Apr 24

Do NOT. I repeat. Do NOT remove curl.exe from your Windows System32 folder to silence a (stupid) security scanner. It will lead to tears and sorrows. And if you do, please don't ask *me* for help when you've broken your Windows install. I can't fix that.

484

2,935

My son needs antibiotics, but I had to call 10 pharmacies to find it. It can't be ordered currently, so you have to be lucky that a pharmacy just has it. This is in the 2nd largest city in Germany, I wonder how bad it must be on the countryside...

Apr 22

#HITB2023AMS was a blast! Great talks and great people! It was really nice seeing everyone

Happy birthday to my birthday bro

@pod2g

, we missed you at #HITB2023AMS

Helthydriver

@Helthydriver

Apr 21

And always we are standing on the shoulder of giants: Without FOSS tools like #libimobiledevice, #mvt from

or forensic materials/training from

@HeatherMahalik

@iamevltwin

and all the others research would be much much harder! In my slides you‘ll find many links. 6/6

We need more plates! #lunch #HITB2023AMS

PANEL DISCUSSION: iOS / OS X Security - HITBSecConf2023 - Amsterdam

HITBSecConf

@HITBSecConf

Apr 21

Good morning Amsterdam!!! It’s Day 2 of #HITB2023AMS and we kick off with a special #iOS / #OSX panel discussion at 10:00! Got a question for our panelists? Tweet it with the #askinthebox hashtag!

conference.hitb.org

A catch up with some of the former “jailbreak Dream team” members and some usual suspects of the iOS / OS X hacking scene – a look back, and a look forward at the state of security in Apple land… ...

عيد مبارك ☪️

Thanks

for the #libimobiledevice shout-out 🎉 (infact I am the only one maintaining it for quite some time). Great talk!#HITB2023AMS

macOS Ventura just arrived #HITB2023AMS

Ok I think I found the solution to the problem myself: Since libimobiledevice-glue needs to be updated (so it can also finally have a release too), all other projects need to be updated too, and they will just depend on latest libplist then. Problem solved I guess :)

Quote Tweet

So I am working on some final changes for a #libplist release. I added several new functions to the interface, see my latest commit: github.com/libimobiledevi - I am also adding a plist_read_from_file helper, that will return the parsed format in its 4th argument (1/2)

Show this thread

Zimperium

@Zimperium

Don’t miss Zimperium’s Nikias Bassen

Add new output-only formats and Define constants for the different pl… · libimobiledevice/libplis...

in panel on iOS / OS X Security this Friday (21 April) at 10am CEST at #HITB2023AMS bit.ly/43JbuwZ #WeSecureMobile #HITBSecConf2023

There is alread a plist_from_memory function, but it doesn't return the parsed format, and it's used everywhere 🙈 Now, do I just change the prototype to add an argument, breaking old code, or add a new function? If so, suggestions for names? kthxbye (2/2)

…ist formats This commit introduces constants for the different plist formats, and adds 3 new human-readable output-only formats: - PLIST_FORMAT_PRINT: the default human-readable format - PLIST_FO...

your baggage calculator is currently broken (internal server error)

I will be at

#HITB2023AMS this week, if you are around, pull up, they have a free CommSec track too!

Matthias Ringwald

@mringwal

Apr 13

Anybody managed to access iOS GATT Services over an existing BR/EDR Connection? Want to read the battery, but only get 'connection refused: no resources available' when connecting to ATT PSM 0x1f. #CoreBluetooth

Matthew Toussain

@0sm0s1z

Apr 4

I'm certain this was done by accident so I'll tell you what. Unfollow

@jonathandata1

and I (and I'm sure many others) would be happy to follow you back. He's a menace and you are (likely unwittingly) elevating his toxic message. Please RT #UnfollowTheCharlatan #IStandWithMick

126

Show this thread

strandjs - strandjs@bsky.social

@strandjs

Apr 2

#IStandWithMick People reached out and told me that

@jonathandata1

was not a good apple. This shows it. If you are in the media. Please do some research on him before using him in a story. He is not a very good representative of our industry.

Quote Tweet

Mick Douglas

@bettersafetynet

Apr 2

This. This is beyond the pale. I'm livid.

318

Mar 29

Welcome to the team!

Quote Tweet

Georgia Weidman

@georgiaweidman

Mar 28

Excited to announce I’ll be joining @Zimperium next week as a Security Architect. They created a job for me combining my favorite things including product, research, speaking, and PR!

رمضان مبارك ☪️

Mal wieder im Einsatz #Kampfrichter

Feb 9

impressive

Quote Tweet

jmpews

@jmpews

Feb 9

"you shall not pass" * 2

Show this thread

Feb 8

Why do people build UIs that call shell commands and write the output to a file, then read the file to process the results when a perfectly fine API is available to do it directly? AHHHHHHHHHH

Feb 5

Recently in #libimobiledevice Telegram group 🤣