benjamin

I’m leaving twitter, follow me on @benjamin" target="_blank" rel="nofollow noopener">social.treehouse.systems/@benjamin

:-) Secure OS

I always appreciate when I end up clicking on the wrong button/item because the UI refreshed right before

Happy holidays! ❄️

🔺New on the Apple Security Research blog: we pit our hardened kalloc_type XNU allocator against SockPuppet, a powerful vulnerability from the past: security.apple.com/blog/what-if-w…

macOS 13.3.1 still has the bitcoin paper, do the update

FUNCTION(FUNCTION({"🎉", "Year", "Happy New"}, "sortedArrayUsingDescriptors:", {FUNCTION(CAST("NSSortDescriptor", "Class"), "sortDescriptorWithKey:ascending:", "hash", 1)}), "componentsJoinedByString:", " ")

FUNCTION({"Merry", "Christmas", "🎅"}, "componentsJoinedByString:" , " ")

Trying out Mastodon, find me at @benjamin@treehouse.systems

Towards the next generation of XNU memory safety: kalloc_type security.apple.com/blog/towards-t… I’m so happy that the team finally gets to share the details of this huge effort. And I’m so proud I had the chance to work on it in the past couple of years. :)

Need offsets? Please ask @tihmstar

@tihmstar Just patch ********* bro

oh the jailbreak works, just never turn on wifi on the device ._.

@tihmstar I’ve been there and I can tell you it’s true. 100%

That feeling when you keep reviewing the same code over and over again, and don’t spot any bug. But then you decide to do some very targeted fuzzing which leads to a crash in <10min. - and that’s an actual vuln.

✍️ 1/ Want to learn how to bug hunt in hard targets and find high impact issues? Here’s a short Sunday 🧵for those starting out and some general thoughts from over the years on software security:

@qwertyoruiopz happy birthday 🎉

look i don’t write code, i just read it. i check out its vibes and move on with my life

Developer catching all Java exceptions when parsing untrusted data but the JVM does not throw any for integer overflows ¯\_(ツ)_/¯

Happy New Year 🎉