Quentin M

So proud to talk for the first time at @offensive_con about how fun it is to escape the Safari sandbox!

We really should be talking about this more....KASLR is just not working properly on Android right now, and it hasn't for a long time. googleprojectzero.blogspot.com/2025/11/defeat…

A look back at our ninjas' first day at @Hexacon! We are proud of our experts Quentin and Etienne, who are leading the ‘iOS for Security Engineers’ training course. At the same time, Matthieu and Paul are hard at work on the ‘Azure intrusion for red teamers’ training course! Happy training 🎓

Writeup for CVE-2025-24085, an ITW mediaplaybackd vulnerability patched earlier this year github.com/b1n4r1b01/n-da…

MTE in libPas 👀 github.com/WebKit/WebKit/…

@xvonfers "com.apple.security.script-restrictions" 👀

🤔 [295595]Harden the interpreter dispatchers more for ARM64E github.com/WebKit/WebKit/…

That time when @tehjh was just reviewing a new Linux kernel feature, found a security vuln, then went on a journey to see if he could exploit it from inside the Chrome Linux Desktop renderer sandbox (spoiler: very yes) googleprojectzero.blogspot.com/2025/08/from-c…

We dissect a DFG compiler bug we discovered in Safari/WebKit. This post covers root cause, impact, and technical analysis: blog.exodusintel.com/2025/08/04/oop… #WebKit #VulnerabilityResearch #ExploitDev #Safari #CyberSecurity #ExodusIntel

Not their best picture but definitely THE best hands-on iOS training! Come and see for yourself how Etienne and Quentin master iOS! ⚠️ Warning, risk of massive skills overflow ⚠️

🚨 Still a few seats left for our iOS for Security Engineers training at #HEXACON2025! 4‑day hands-on labs to explore the iOS ecosystem and prepare for vulnerability research. 📍 Paris, Oct 6‑9 ➡️ hexacon.fr/trainer/meffre…

@iamAlexGalvan We currently offer in-person training only. No online trainings available at the moment.

@0xdagger Any plans to offer a iOS Security Training online in the future maybe?

It's never too late to start vulnerability research on iOS! Our training has been made by experienced iOS security researchers for newcomers in the iOS area who want to start developing "extremely sophisticated attacks"! :-) hexacon.fr/trainer/meffre…

@cvewhen Our training is focused on the iOS system in itself rather than exploit development. You can expect fully updated content related to the system and its security. If iOS 26 brings new security features we will do our best to cover them at Hexacon.

@0xdagger I'm not an iOS researcher but I've heard this in some circles "if you're thinking of starting ios vr - don't - anything public is at least a year outdated unless you have leaks don't bother" Is this any valid? Takes?

@indigo79x One requirement for our training is to have basic knowledge in programming (especially in C language). So I think it is advisable for you to sign up if you want to start research on iOS 🙂

@0xdagger I'm interested but have zero background on iOS, just getting started on Apple VR (learning ARM64 and ObjC, know a bit of C and go a few CVEs on macOS userland). Is it advisable to sign up?

If you are planning to learn about iOS, don't miss this training. Quentin and Etienne are exceptional researchers. No CVE ≠ no 0-days 😉😇

Interesting WebContent PAC bypass github.com/WebKit/WebKit/…

Don't miss our 2 trainings 😉 🍎 iOS for Security Engineers ☁️ Azure intrusion for red teamers

Just wrapped up two fantastic training sessions at #Hexacon! A big thank you to everyone who joined us for our deep dives into Active Directory/Azure and iOS internals. It was great to share knowledge and learn together!

Escaping the Safari Sandbox: A tour of WebKit IPC #MobileSecurity #iOSsecurity [SLIDES] by @Synacktiv synacktiv.com/sites/default/…

Half the tickets already sold! Checkout our four-day trainings on advanced AD and Azure exploitation and iOS internals at Hexacon in Paris this year (Sept 30th - Oct 3rd): 🌐 hexacon.fr/trainer/vincen… 🍎 hexacon.fr/trainer/meffre…

iOS is being touted as the "most secure OS", but is this claim substancial? Discover the many security features implemented by Apple with "iOS for Security Engineers" training: ➡️ hexacon.fr/trainer/meffre… 📆 30/09-03/10 2024 📍Espace Vinci, Rue des Jeuneurs, Paris