A2nkF | Ilias

434 posts

A2nkF | Ilias

@A2nkF_

Breaking Apple things. CTF with @allesctf & @Sauercl0ud | 🖤

Zurich, Switzerland Katılım Haziran 2018

1.2K Takip Edilen2K Takipçiler

Sabitlenmiş Tweet

A2nkF | Ilias@A2nkF_·1 Ağu

I wrote a macOS LPE chain using only logic bugs a couple of months ago and now I can finally share it ^^ Here's my blogpost about the vulns and techniques I used: objective-see.com/blog/blog_0x4D… And here's the code: github.com/A2nkF/unauthd

English

168

463

A2nkF | Ilias@A2nkF_·17 Ara

@__sethJenkins p0 could publish via fax machine and I’d still read it religiously 😆

English

3.8K

Seth Jenkins@__sethJenkins·17 Ara

We (Project Zero) got a new website! Because the last one was so...2014? projectzero.google

English

433

78.4K

A2nkF | Ilias@A2nkF_·29 Eki

@LiveOverflow - What obj/struct fields are attacker controlled/can be tainted somehow (even if not arbitrarily controlled) - Object relationships & sane value range - Field access convention (eg field supposed to be retrieved via helper function, lock must be acquired before writing x etc)

English

399

LiveOverflow 🔴@LiveOverflow·29 Eki

When you audit code, what global assumptions/invariants do you keep in working memory? For example when you review a web app you see how authorization is implemented. Then you keep that knowledge in your mind while reviewing different endpoints. What else? 🧠 Brainstorm pls 👇

English

16.4K

A2nkF | Ilias@A2nkF_·13 Eki

@CodeColorist @patch1t Can’t wait to see this!!! Awesome work man

English

276

A2nkF | Ilias retweetledi

Eric Topol@EricTopol·18 May

This week's genome editing triumph is a big deal. Here's why erictopol.substack.com/p/the-first-hu…

English

180

819

166.1K

A2nkF | Ilias@A2nkF_·17 May

@thezdi @SinSinology @SummoningTeam Really cool!!! Is this one getting a write up? 👀

English

195

TrendAI Zero Day Initiative@thezdi·15 May

Confirmed! The first ever winner of the AI category in #Pwn2Own is Sina Kheirkhah (@SinSinology) of Summoning Team (@SummoningTeam). His successful exploit of Chroma earns him $20,000 and 2 Master of Pwn points. #P2OBerlin

English

11K

A2nkF | Ilias@A2nkF_·2 May

@cutesmilee__ Much success man!

English

457

Tommaso@cutesmilee__·30 Nis

after almost 3 years, this is my last day at Dataflow, it’s been amazing to work with all the people there, I grew up a lot and can’t thank them enough for the opportunities they gave me but now a new adventure is about to start :-)

English

7.9K

A2nkF | Ilias@A2nkF_·1 Nis

@patch1t Haha that’s awesome!

English

400

Mickey Jin@patch1t·1 Nis

I got 14 new Apple CVEs in this release😎

ApplSec@ApplSec

🐛 NEW SECURITY CONTENT 🐛 💻 macOS Sequoia 15.4 - 131 bugs fixed 💻 macOS Sonoma 14.7.5 - 91 bugs fixed 💻 macOS Ventura 13.7.5 - 85 bugs fixed 📱 iOS and iPadOS 18.4 - 62 bugs fixed 🥽 visionOS 2.4 - 38 bugs fixed 📱 iPadOS 17.7.6 - 38 bugs fixed

English

644

52.4K

A2nkF | Ilias retweetledi

TrendAI™ Research@trendai_RSRCH·28 Ara

We found three more ways to bypass #Apple’s System Integrity Protection after the company’s initial patch of the exploit chain #vulnerability found by researcher @A2nkF_. Find out more about how Apple patched these flaws in our blog entry: research.trendmicro.com/3jeV5gZ

English

A2nkF | Ilias@A2nkF_·22 Tem

@layle_ctf Definitely Simon's if you like Steaks

English

Layle@layle_ctf·13 Haz

can anyone recommend any places to eat in zurich? ideally near central station but completely fine if not

English

A2nkF | Ilias@A2nkF_·10 Şub

@userlandkernel @__spv Is this a troll? I genuinely can’t tell 😅

English

A2nkF | Ilias@A2nkF_·1 Şub

@qwertyoruiopz @osxreverser Haha wait till you hear that the JIT is basically 1:1 copied from the Linux kernel. But tbh, you can’t call whatever Solana uses BPF anymore.

English

@[email protected]@qwertyoruiopz·1 Şub

@osxreverser there’s coins that use ELFs and BPF? wtf

English

A2nkF | Ilias@A2nkF_·30 Oca

@jonathandata1 @qwertyoruiopz lmao imagine trying to discredit @qwertyoruiopz 💀

English

A2nkF | Ilias@A2nkF_·27 Ara

@layle_ctf Oh wow it only took you like 5 seconds to get a 50% improvement in time until kernel connection 👀😜

English

Layle@layle_ctf·27 Ara

I wrote a new guide for rapid kernel and driver debugging! This time with a 2x performance improvement :) We utilize VMware Workstation natively (no Vagrant) for some extra performance benefits. - Time until kernel connection: ~ 10 seconds - Time until driver break: ~ 35 seconds

English

A2nkF | Ilias@A2nkF_·16 Ara

Wow… This might be the most impressive exploit I’ve ever seen

Ian Beer@i41nbeer

Today we're publishing a detailed technical writeup of FORCEDENTRY, the zero-click iMessage exploit linked by Citizen Lab to the exploitation of journalists, activists and dissidents around the world. googleprojectzero.blogspot.com/2021/12/a-deep…

English

A2nkF | Ilias@A2nkF_·29 Eki

@theevilbit @patrickwardle @jbradley89 Oh cool, I didn’t notice that system_installd invokes zsh! But you’re right, that’s the same technique I used just attacking a different child process 😄

English

Csaba Fitzl@theevilbit·29 Eki

@patrickwardle @jbradley89 Yes. I was thinking about it when read the MS blog. Also @A2nkF_ with the unauthd chain does a similar trick: objective-see.com/blog/blog_0x4D…

English

Patrick Wardle@patrickwardle·29 Eki

Neat SIP bypass for macOS: 1️⃣ Apple-signed .pkgs triggers launch of (SIP entitled) system_installd 2️⃣ system_installd executes zsh shell 3️⃣ zsh executes any cmds found in (subvertabile) /etc/zshenv. Such cmds (executed as a child of system_installd), run uninhibited by SIP 🙌🏽

Microsoft Threat Intelligence@MsftSecIntel

Microsoft found a vulnerability (CVE-2021-30892) that could allow an attacker to bypass System Integrity Protection (SIP) in macOS. We shared our findings with Apple via coordinated vulnerability disclosure, and a fix was released October 26. Get details: msft.it/6016k1VFi

English

117

A2nkF | Ilias@A2nkF_·21 Eki

@layle_ctf Oh hahaha nice know this works! @rA9_main 😆