#BH_USA_ARSENAL My open-source macOS kernel monitoring project: Kemon. github.com/didi/kemon blackhat.com/us-18/arsenal/…

#DEFCON26 Uploaded my DEF CON 26 slide "Attacking the macOS Kernel Graphics Driver" at github.com/keenjoy95/defc… DEF CON

Meet BrokenType – the font fuzzing toolset that helped me find 39 vulns in the Windows kernel and user-mode Uniscribe library in 2015-2017. It includes a font mutator, generator and loader. Now on GitHub: github.com/google/BrokenT…

Apple SEP OS (SKS) communication sniffing and message decryption

After testing, I found that these Kauth interfaces are not really deleted, and Kemon still works github.com/didi/kemon. But I think this Catalina 10.15 Beta 7 (19A546d) Release Note means that the door to the macOS kernel is closing. developer.apple.com/documentation/…

It's possible to crash the latest T2 SEP OS from a low-privilege process on AP.

A new way to panic the latest Apple T2's SEP OS~

My blackhat-us-20 and blackhat-eu-20 slides can be downloaded here: i.blackhat.com/USA-20/Thursda… and i.blackhat.com/eu-20/Thursday…

An updated version is now available for download from the Black Hat'22. i.blackhat.com/USA-22/Wednesd… Check out the latest macOS Wi-Fi kernel vulnerabilities! :)

[Official Announcement]: deepsec.cc 2025 IS COMING!!! This is a community-driven, non-profit information security closed-door symposium, where technology speaks loudest. 🌐 deepsec.cc 📅 June 16, 2025 📍 Shanghai, China 📧 [email protected]

My new (early announcement) #BHUSA '25 presentation: "Dead Pixel Detected" - A Security Assessment of Apple's Graphics Subsystem. 😀 Black Hat blackhat.com/us-25/briefing…

#deepsec Session "Behind the Pixels: A Journey of Reverse Engineering and Fuzzing on Apple's Stacked Subsystem" by keenjoy95 sheds light on IOMobileFrameBuffer and Apple Silicon graphics, revealing untold vulnerabilities and attack paths. More at deepsec.cc

You can find my updated version here: github.com/keenjoy95/bh-a… x.com/Ivanlef0u/stat…

Our new zero-day blog: fireeye.com/blog/threat-re…

Keen Lab's official blog is online now. English version: keenlab.tencent.com/en/index.html

CVE2209 Tavis Ormandy "The fix is simply to MIN(ReqSize, CACHE_SIZE)." << They'd better memset(0) the cache buffer also :)