John Woodman (@johnwoodman15)'s Twitter Profile
John Woodman

@johnwoodman15

@Mandiant consultant | wadcoms.github.io | github.com/JohnWoodman

ID: 746514928433954816

Link: https://john-woodman.com/research | Joined: 25-06-2016 01:26:43

127 Tweets

434 Followers

381 Following

Justin Bui (@slyd0g):

Built some tooling to interact with the Core Location API and Location Services on macOS. I dive into how it works, my initial assumptions, and general thought process when approaching research! medium.com/@slyd0g/where-…

Ron Masas (@ronmasas):

A "transparent" window can be used in macOS to clickjack the user into giving you full control over his TCC database. Code: github.com/breakpointHQ/T… #redteam #infosec music: bensound.com

Cedric Owens (@cedowens):

Neat that you can use mdquery API calls as another way to check for full disk access on macOS. I added a JXA and Swift example in my Spotlight Enum Kit repo.
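The check the tweet describes, written out as an added example in Swift. This is not code from the Spotlight Enum Kit repo; it is an illustration of the idea that the metadata server (Spotlight) applies the caller's TCC context, so a query scoped to a Full Disk Access-protected directory such as ~/Library/Safari or ~/Library/Messages returns results only when the calling process (or, for a CLI tool, its responsible process, e.g. Terminal) has been granted FDA. That behaviour, the chosen directories and the helper names are assumptions of this example.

```swift
// Added example (not from the Spotlight Enum Kit repo): infer Full Disk Access
// from the MDQuery API.
// Assumption: a Spotlight query scoped to a TCC-protected directory returns zero
// results to a process without FDA, so any result is taken as evidence of FDA.
import Foundation
import CoreServices

/// Runs a synchronous Spotlight query restricted to `directory` and returns the
/// number of items the metadata server was willing to hand back, or -1 on error.
func spotlightResultCount(in directory: String,
                          query: String = "kMDItemFSName == \"*\"") -> Int {
    guard let mdQuery = MDQueryCreate(kCFAllocatorDefault, query as CFString, nil, nil) else {
        return -1
    }
    // Restrict the search scope to the single directory we care about.
    MDQuerySetSearchScope(mdQuery, [directory] as CFArray, 0)
    // Synchronous execution: the call blocks until the result set is complete.
    guard MDQueryExecute(mdQuery, CFOptionFlags(kMDQuerySynchronous.rawValue)) else {
        return -1
    }
    return MDQueryGetResultCount(mdQuery)
}

/// Returns true when at least one FDA-gated location yields Spotlight results.
/// A false result is not conclusive: the directory may simply be empty or not
/// indexed (Spotlight disabled for the volume, or the user has never used the app).
func likelyHasFullDiskAccess() -> Bool {
    let home = FileManager.default.homeDirectoryForCurrentUser.path
    // Hypothetical probe set: directories normally gated by Full Disk Access.
    let protectedDirectories = [
        "\(home)/Library/Safari",
        "\(home)/Library/Messages",
        "\(home)/Library/Mail",
    ]
    for dir in protectedDirectories {
        let count = spotlightResultCount(in: dir)
        print("\(dir): \(count) result(s)")
        if count > 0 { return true }
    }
    return false
}

if likelyHasFullDiskAccess() {
    print("[+] Full Disk Access appears to be granted to this process")
} else {
    print("[-] No evidence of Full Disk Access (or the probed directories are not indexed)")
}
```

Compile with `swiftc fda_check.swift` and run the binary once from Terminal with FDA granted and once with it revoked in System Settings to confirm the difference; because TCC attributes a CLI tool to its responsible process, a child of Terminal reports Terminal's grant, not its own.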

Justin Bui (@slyd0g):

Took some time recently to dive into in-memory Mach-O execution on macOS. I dig into the API calls necessary to perform reflective code loading, present my Swift implementation, cover nuances on Big Sur vs Monterey, and how to detect it on Monterey! slyd0g.medium.com/understanding-…

Mor Davidovich (@dec0ne):

Introducing KrbRelayUp - a universal no-fix local privilege escalation in Windows domain environments where LDAP signing is not enforced (the default setting). All credits go to James Forshaw, Cube0x0 and Will Schroeder; most of the code was taken from their tools. github.com/Dec0ne/KrbRela…

Dillon Franke (@dillon_franke):

Some vulnerabilities are simple to find. Others require complex analysis. My latest blog post details my personal approach to reverse engineering Android and Java applications to find high-impact vulnerabilities. Check it out here: dillonfrankesecurity.com/posts/java-sta…

Phorion (@phoriontech):

Phorion Threat Report: a backdoored Cursor extension was used to deploy the Paradox Stealer infostealer into macOS developer workflows. The post breaks down the full infection chain, detection opportunities and why IDE extensions have become a reliable point of initial access.

Patrick Wardle (@patrickwardle):

On iOS/macOS: 1️⃣ A webpage can silently launch Apple's Podcasts app (w/ no prompts) w/ an attacker-chosen podcast ...and there appears to be a remote 0-click path too 👀 2️⃣ Attackers are also probing Podcasts for XSS, which could pair very nicely with #1. Read: 404media.co/someone-is-try…

John Woodman (@johnwoodman15):

Getting back into writing about my research, starting with taking a look at macOS PKG vulnerabilities. Check it out! More posts to come. john-woodman.com/research/explo…

Csaba Fitzl (@theevilbit):

🎉 My new blog post is about a PackageKit vulnerability I learned from p1tsi's blog posts: 🍎🐛 macOS LPE via the .localized directory. I tried convincing Apple to universally fix it with no luck. Go hunt for vulnerable pkg installers! There is a ton :-( Happy Friday!

Objective-See Foundation (@objective_see):

🔥 New (guest) blog just dropped! "When Good /bins Go Bad: A Remote Pre-Auth Overflow in LLDB's debugserver" objective-see.org/blog/blog_0x83… Mahalo to Nathan for detailing his discovery of this bug, which has since been patched by Apple as CVE-2025-43504 🙏🏽

Watch This Space (@wtsdev):

Introducing DirtyDict. A series of vulnerabilities found by me and Mickey Jin. Most of this is my perspective, but Mickey did give me permission to share some details about one of his bugs. Enjoy! wts.dev/posts/dirtydic…

solst/ICE (@icesolst):

Crowdstrike can be bypassed on macOS with tclsh, e.g.: gist.github.com/tokyoneon/e425… The Ncat reverse shell is killed, but this one isn't. How about that, Mr "tom square", hmm? Please provide your insight!!

Google VRP (Google Bug Hunters) (@googlevrp):

Want to see what top-notch security research looks like? Look no further than the latest research from Jakub Domeracki, a standout contributor to the Google Cloud VRP! 🪲💪 jdsec.cloud/posts/2026-01-…

Natalie Silvanovich (@natashenka):

Our intrepid 20%-er Dillon Franke exploited a vulnerability in CoreAudio. See his process for gaining privilege escalation on a Mac: projectzero.google/2026/01/sound-…

Dillon Franke (@dillon_franke):

It's been just over a year since CVE-2024-54529 was patched. To celebrate, I'm open-sourcing my full PoC exploit for this CoreAudio type confusion vulnerability 🔊 The code is right here! Enjoy: github.com/googleprojectz…

John Woodman (@johnwoodman15):

A patch was released and CVE assigned for the macOS priv esc I found in the Windows App (CVE-2026-21517)! Hoping to write a blog post on it soon once public disclosure is approved and I verify the vuln was fixed. msrc.microsoft.com/update-guide/v…