My & Csaba Fitzl last Black Hat Asia talk was rated by the audience for 4.8/5. That’s really an amazing score. We’re really glad you liked it! ♥️

Insecurely get audit_token by PID. I spent too much time on finding the way to do so. Maybe that would help somebody: gist.github.com/r3ggi/f6d48f2f… Kudos Scott Knight, I wrote that basing on your code 👍🏻

#iOSdev tool alert! 🚨 iOS Security Suite by Wojciech Reguła is an advanced and easy-to-use platform security & anti-tampering library written in pure Swift. The ISS can be used to detect jailbreak, detect or/and deny attached debugger & many more. github.com/securing/IOSSe…

🍎🪳My latest blogpost Kandji about the Dock Tile Plugin vulnerability I found. It allowed someone to escalate privileges, and also perform a guest to host VM escape - unfortunately that part turned out to be less exciting than I initially thought. blog.kandji.io/dock-tile-plug…

Patch your Macs 🍎

This is a fix for my kTCCServiceSystemPolicyAppData bypass

You'll probably like this tool if you are interested in #Apple #macOS #ReverseEngineering. I face some issues in having a stable version of it; feel free to jump in if you think you can help: github.com/tony-go/snixpc

Turns out you can enumerate individual clients connected to Endpoint Security by looking at the I/O Registry's `IOService` plane under: `IOService:/IOResources/EndpointSecurityDriver`. You can use: `ioreg -r -c EndpointSecurityExternalClient` swiftly-detecting.notion.site/Listing-Connec…

Looking for universal, backward-compatible kernel read and write primitives for both ARM and Intel-based macOS systems? No problem! Check it out at: github.com/wangtielei/POC…. The PoC uses only existing kernel mechanisms and does not require complex memory manipulation techniques.

#BHUSA Black Hat My Black Hat USA 2024 presentation is finished. Thank you all for coming. In my presentation, I disclosed some methods to achieve SBX and LPE. Many of them require launching an app, so in an attack scenario, the user may notice an app icon briefly

So far, I have written 706 pages to help the security community. My goal will be writing new articles of the Exploiting Reversing Series (ERS), which is focused on security research. However, I am planning to write one or two additional articles of my previous series MAS (Malware

Publishing some of the notes I've amassed over my years in #macOS security. There's lots, so I'm publishing them as I collate them into something structured and readable. My first few are available, and the rest will be as I finish them. notes.crashsecurity.io/notes

Are any of you guys interested in the 44 slides about file API security that I had to cut from my new presentation? It has all the fan favourites like union mounts, POSIX ACLs and other unhinged insanity

#OBTS v7 talks have been announced: objectivebythesea.org/v7/talks.html 🤗 With over 20 talks (from many of the world's top researchers), covering macOS/iOS bugs & exploits, malware, internals, tools, and much more, this is a can't miss event! Which talks are you most excited about?

See you in Maui! 🏝️🇺🇸

iOS friends- do you have any solution for purchasing&downloading apps from the AppStore from CLI? `ipatools` does not work anymore for purchasing 😢

On my way to SEC-T 🇸🇪

On my way to NSSpain XII #NSSpain2024 Tomorrow I’m giving a talk about apps isolation that I think will be interesting to Apple apps developers 🍎👩‍💻🧑‍💻

Still at NSSpain XII #NSSpain2024 - hit me up if you want to talk about iOS/macOS application security

I can highly recommend presenting at NULLCON 🇮🇳