Potato Soup 🇵🇸 (@joinedserver)

261 posts

panic oriented full heap groomer

Joined November 2021
168 Following · 27 Followers

Potato Soup 🇵🇸 (@joinedserver)
@krzywix what are your observations on using Comic Sans and its psychological effects on hackers' mental health?

L4ys (@_L4ys)
my new idea: prompt2own like pwn2own, but teams can only submit prompts

Toan Pham (@__suto)
There is some good news about GPT 5.5, so I ran it on the v8ctf 30-bug evals and it found nothing. Maybe it's too polite to point out bugs, or I need to tweak the prompt to match its new behaviour. Previously, GPT-5.4 successfully figured out 10/30, Sonnet found 7, and GLM 5.1 and Kimi 2.6 found 4.

Potato Soup 🇵🇸 (@joinedserver)
@CodeColorist Considering sb compiler optimizations, if deterministically comparing binary forms is possible, this may give you 100% correct success evaluations: compile(oss sb) vs compile(decompile(compile(oss sb)))

codecolorist@infosec.exchange (@CodeColorist)
Asked Claude to rewrite sandblaster with its own kernel cache parser and constant finder, then the decision tree simplifier. Now the problem is, how am I supposed to test if the output is correct 🙂‍↔️

Nir Av (@GotR00tAcce55)
Google's Threat Intelligence Group called this "the most technical part" of Predator's exploit chain and said it deserved its own blog post. We wrote it: FDGuardNeonRW, PAC bypass via JSC gadgets, 256-entry signing cache and more, all previously undocumented. jamf.com/blog/predator-…

codecolorist@infosec.exchange (@CodeColorist)
@joinedserver The MTE part is the official recommendation from the developer doc for 3rd-party apps. But yes, 3rd-party apps could still use those instructions. In my implementation I skip the dyld_shared_cache so as not to blow up the output. I will correct that, and thank you.

Potato Soup 🇵🇸 (@joinedserver)
@CodeColorist The article claimed MTE instructions are just in allocator libraries, so they won't appear in executables, which is wrong. Also it mentioned -fbounds-safety is hard to detect in a binary, but the emitted disassembly is distinguishable enough even for a not-so-pedantic reverser, I believe.
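The point in the post above (MTE instructions can sit in any ARM64 executable, not only in an allocator library) is straightforward to verify: scan the code bytes for the FEAT_MTE instruction encodings instead of trusting a per-library assumption. The scanner below is an added example, not code from the page's author, from sandblaster, or from the article under discussion. The mask/value pairs are the A64 encodings of the MTE tag instructions; the sample bytes and the base address are constructed for the example. Extracting the executable's `__TEXT,__text` bytes from a Mach-O is left to whichever Mach-O parser you already use.

```python
"""Scan raw AArch64 code for MTE (FEAT_MTE) instruction encodings.

Added example: finds tag-manipulating instructions (irg/addg/stg/...) in a
code blob, so you can check whether a given executable itself, not just an
allocator library, contains compiler-emitted tagging sequences.
"""
import struct

# (mnemonic, mask, value): a 32-bit word w is the instruction when w & mask == value.
MTE_PATTERNS = [
    ("irg",   0xFFE0FC00, 0x9AC01000),  # IRG   Xd, Xn, Xm   insert random logical tag
    ("gmi",   0xFFE0FC00, 0x9AC01400),  # GMI   Xd, Xn, Xm   tag mask insert
    ("subp",  0xFFE0FC00, 0x9AC00000),  # SUBP  Xd, Xn, Xm   56-bit pointer subtract
    ("subps", 0xFFE0FC00, 0xBAC00000),  # SUBPS (CMPP is the alias with Xd = xzr)
    ("addg",  0xFFC0C000, 0x91800000),  # ADDG  Xd, Xn, #uimm6, #uimm4
    ("subg",  0xFFC0C000, 0xD1800000),  # SUBG  Xd, Xn, #uimm6, #uimm4
    ("ldg",   0xFFE00C00, 0xD9600000),  # LDG   Xt, [Xn, #simm]
    ("stzgm", 0xFFFFFC00, 0xD9200000),  # STZGM [Xn]
    ("stgm",  0xFFFFFC00, 0xD9A00000),  # STGM  Xt, [Xn]
    ("ldgm",  0xFFFFFC00, 0xD9E00000),  # LDGM  Xt, [Xn]
]
# Tag stores share one layout, 11011001 opc 1 imm9 op2 Xn Xt: opc selects the
# flavour and op2 in {01, 10, 11} selects post-index / signed offset / pre-index.
for _opc, _name in ((0, "stg"), (1, "stzg"), (2, "st2g"), (3, "stz2g")):
    for _op2 in (1, 2, 3):
        MTE_PATTERNS.append((_name, 0xFFE00C00, 0xD9200000 | _opc << 22 | _op2 << 10))
# STGP Xt, Xt2, [Xn, ...]: pair store of tag + data (post-index, offset, pre-index).
for _v in (0x68800000, 0x69000000, 0x69800000):
    MTE_PATTERNS.append(("stgp", 0xFFC00000, _v))


def scan_mte(code: bytes, base: int = 0):
    """Return [(address, mnemonic)] for each 4-byte word matching an MTE encoding.

    `code` must be instruction bytes only (e.g. the __text section); scanning
    data or literal pools as code produces junk matches.
    """
    hits = []
    for off in range(0, len(code) - 3, 4):
        (word,) = struct.unpack_from("<I", code, off)
        for name, mask, value in MTE_PATTERNS:
            if word & mask == value:
                hits.append((base + off, name))
                break
    return hits


def mte_summary(code: bytes):
    """Histogram of MTE mnemonics found; an empty dict means no MTE instructions."""
    counts = {}
    for _, name in scan_mte(code):
        counts[name] = counts.get(name, 0) + 1
    return counts


# Constructed sample, not bytes from any real binary: a nop, a stack-tagging
# fragment (irg / addg / stg / stzg) and a ret.
SAMPLE_CODE = struct.pack(
    "<6I",
    0xD503201F,  # nop
    0x9ADF1000,  # irg  x0, x0, xzr
    0x91810401,  # addg x1, x0, #16, #1
    0xD9200800,  # stg  x0, [x0]
    0xD9601800,  # stzg x0, [x0, #16]
    0xD65F03C0,  # ret
)

if __name__ == "__main__":
    for addr, mnem in scan_mte(SAMPLE_CODE, base=0x100004000):
        print(f"{addr:#x}: {mnem}")
    print(mte_summary(SAMPLE_CODE))
```

A non-empty summary from the main executable's own text section settles the question for that binary; a non-empty summary from the dyld shared cache only tells you that some system library uses MTE, which is the case the article was describing.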

codecolorist@infosec.exchange (@CodeColorist)
@joinedserver I just took it down for more proofreading. Could you please give me some examples of the wrong conclusions? It could be my wrong opinion or ignorance. Appreciate it!

Lukasz Olejnik (@lukOlejnik)
North Korea planted malicious code in Axios, one of the most popular JavaScript libraries, used by developers worldwide: in AI tools, ML pipelines, and fintech infrastructure. Had the attack gone undetected, infected packages could have reached hundreds of thousands of projects, servers, and production systems, from startups to banks and government institutions. The malware collected host data and waited for orders from Pyongyang, running on Linux, macOS, and Windows. STARDUST CHOLLIMA, a DPRK unit specializing in cryptocurrency theft and software supply chain attacks, is behind the op. The motivation is simple: cash for the regime. The target: everyone who has ever imported axios.

Visual Ehrmanntraut (@HeWhomCodes)
@RealTriassic Yep, but one caveat is that it works only through dynamic library redirection, somewhat similar to Wine, as macOS does not provide a mechanism for trapping system calls; so, for example, binaries that are written in Go won't work, as I think they don't use libc.

Visual Ehrmanntraut (@HeWhomCodes)
A side project I work on from time to time when I'm bored/burnt out/etc. is a Linux-on-Mac compatibility layer, called Fine. It currently runs simple command-line Linux binaries. The next requirement is Thread Local Storage for more complex ones like bash, with a future goal of GUI.
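The Fine post and the reply above it describe a layer that works by redirecting libc rather than trapping system calls, which means a binary that enters the kernel directly (a static Go binary, for instance) cannot be supported. The script below is an added triage check for that failure mode; it is not code from the Fine project. It parses a Linux ELF64 image, reports the requested interpreter and DT_NEEDED libraries, and counts raw kernel-entry instructions in the executable segments. It goes slightly beyond the reply in also handling x86-64 images, where the kernel-entry instruction is `syscall`. The loader path `/lib/ld-linux-aarch64.so.1` and the soname `libc.so.6` are the usual glibc names; the two sample ELF images are constructed in the script, not produced by a linker, and the `libc_redirectable` verdict is the example's own label.

```python
"""Triage a Linux ELF64 binary for a libc-interposition compatibility layer.

Added example, not code from the Fine project: a layer that redirects libc
only sees calls that go through libc, so a binary that asks for libc and has
no raw `svc #0` / `syscall` in its own executable segments is a candidate,
while a static binary entering the kernel directly (typical of Go) is not.
"""
import struct

PT_LOAD, PT_DYNAMIC, PT_INTERP = 1, 2, 3
PF_X = 1
DT_NULL, DT_NEEDED, DT_STRTAB = 0, 1, 5
EM_X86_64, EM_AARCH64 = 62, 183
SVC0_AARCH64 = b"\x01\x00\x00\xd4"  # svc #0 (0xD4000001, little-endian)
SYSCALL_X86_64 = b"\x0f\x05"        # syscall


def _phdrs(elf):
    """Yield (p_type, p_flags, p_offset, p_vaddr, p_filesz) per program header."""
    (e_phoff,) = struct.unpack_from("<Q", elf, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 0x36)
    for i in range(e_phnum):
        t, f, off, va, _, filesz, _, _ = struct.unpack_from(
            "<IIQQQQQQ", elf, e_phoff + i * e_phentsize)
        yield t, f, off, va, filesz


def _vaddr_to_off(phdrs, vaddr):
    for t, _, off, va, sz in phdrs:
        if t == PT_LOAD and va <= vaddr < va + sz:
            return off + (vaddr - va)
    raise ValueError(f"vaddr {vaddr:#x} is not file-backed")


def _needed_libs(elf, phdrs):
    """DT_NEEDED names from PT_DYNAMIC; empty for a static binary."""
    dyn = next(((off, sz) for t, _, off, _, sz in phdrs if t == PT_DYNAMIC), None)
    if dyn is None:
        return []
    entries = [struct.unpack_from("<QQ", elf, dyn[0] + 16 * i) for i in range(dyn[1] // 16)]
    strtab = next((v for t, v in entries if t == DT_STRTAB), None)
    if strtab is None:
        return []
    so = _vaddr_to_off(phdrs, strtab)
    return [elf[so + v:elf.index(b"\0", so + v)].decode() for t, v in entries if t == DT_NEEDED]


def _raw_syscalls(elf, phdrs, machine):
    """Count kernel-entry instructions inside executable PT_LOAD segments."""
    pat, step = (SVC0_AARCH64, 4) if machine == EM_AARCH64 else (SYSCALL_X86_64, 1)
    n = 0
    for t, f, off, _, sz in phdrs:
        if t == PT_LOAD and f & PF_X:
            seg = elf[off:off + sz]
            n += sum(1 for i in range(0, len(seg) - len(pat) + 1, step)
                     if seg[i:i + len(pat)] == pat)
    return n


def triage(elf: bytes) -> dict:
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("not a little-endian ELF64 image")
    (machine,) = struct.unpack_from("<H", elf, 0x12)
    phdrs = list(_phdrs(elf))
    interp = next((elf[o:o + s].rstrip(b"\0").decode()
                   for t, _, o, _, s in phdrs if t == PT_INTERP), None)
    needed = _needed_libs(elf, phdrs)
    raw = _raw_syscalls(elf, phdrs, machine)
    uses_libc = any(n.startswith("libc.so") for n in needed)
    return {"interp": interp, "needed": needed, "raw_syscalls": raw,
            "libc_redirectable": uses_libc and raw == 0}


def build_sample_elf(dynamic: bool, code: bytes) -> bytes:
    """Construct a minimal AArch64 ELF64 image for the example (not linker output)."""
    base, n_ph = 0x400000, 3 if dynamic else 1
    body = bytearray(64 + 56 * n_ph)            # ELF header + program headers
    interp_off = len(body)
    body += b"/lib/ld-linux-aarch64.so.1\0"
    interp_len = len(body) - interp_off
    body += b"\0" * (-len(body) % 4)            # keep the code 4-byte aligned
    code_off = len(body)
    body += code
    strtab_off = len(body)
    body += b"\0libc.so.6\0"
    dyn_off = len(body)
    body += struct.pack("<6Q", DT_STRTAB, base + strtab_off, DT_NEEDED, 1, DT_NULL, 0)
    struct.pack_into("<4sBBB", body, 0, b"\x7fELF", 2, 1, 1)   # ELF64, little-endian, v1
    struct.pack_into("<HHIQQQIHHHHHH", body, 0x10, 2, EM_AARCH64, 1, base + code_off,
                     64, 0, 0, 64, 56, n_ph, 0, 0, 0)
    ph = [(PT_LOAD, 5, 0, base, len(body))]     # one R+X segment covering the file
    if dynamic:
        ph += [(PT_INTERP, 4, interp_off, base + interp_off, interp_len),
               (PT_DYNAMIC, 6, dyn_off, base + dyn_off, len(body) - dyn_off)]
    for i, (t, f, off, va, sz) in enumerate(ph):
        struct.pack_into("<IIQQQQQQ", body, 64 + 56 * i, t, f, off, va, va, sz, sz, 0x10000)
    return bytes(body)


# Constructed code bodies: a libc-style leaf function vs. a Go-style direct write(2).
LIBC_STYLE = struct.pack("<2I", 0xAA0103E0, 0xD65F03C0)             # mov x0, x1 ; ret
GO_STYLE = struct.pack("<3I", 0xD2800808, 0xD4000001, 0xD65F03C0)   # mov x8, #64 ; svc #0 ; ret

if __name__ == "__main__":
    print("dynamic:", triage(build_sample_elf(True, LIBC_STYLE)))
    print("static: ", triage(build_sample_elf(False, GO_STYLE)))
```

On real binaries, read the file and call `triage` on its bytes. The AArch64 scan looks at aligned 4-byte words, so it is exact for well-formed code; the x86-64 scan for the `0f 05` byte pair can also hit immediates or data in an executable segment, so treat a non-zero count there as a hint to look at the disassembly rather than as proof. A statically linked glibc or musl binary is flagged as well, which is the right answer for a libc-redirecting layer: the libc it would need to interpose is baked into the executable.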

Calif (@calif_io)
MAD Bugs: Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell (CVE-2026-4747). To our knowledge, this is the first remote kernel exploit both discovered and exploited by an AI. blog.calif.io/p/mad-bugs-cla…

J.A. (@Jalbrec4)
@joinedserver @krzywix @iBSparkes @i41nbeer @_bazad @ProjectZeroBugs It's not known how it was leaked, to be fair. Watering-hole sites were scrubbed and delivery domains were inop by working with CERTs. Both DS and Coruna were deployed at a previously unforeseen scale when discovered. Opa334 handled this responsibly; the leaker, not so much.

sparkey (@iBSparkes)
I feel like there has been a crazy [negative] response to the "DarkSword" chain, the bugs going public, and hence being publicly exploited. I don't remember a time in the iOS scene where this has ever previously been the case. It's been a long-standing tradition for bugs to be/

johnny (@zeroxjf)
For all its notoriety, the DarkSword exploit chain has been extremely unreliable in testing. Repro successful maybe 10% of the time, if that. Test device, no personal data. 15 PM running 18.6.2

diaul@infosec.exchange (@daviddiaul)
Hiring for several offensive security research roles 🔍
📱 Senior Offensive Security Researcher — Android Chromium Sandbox Security
🌐 Offensive Security Researcher — Browser
🍎 Offensive Security Researcher — iOS Kernel
Role links in the first reply. Please share if someone great comes to mind 🙌 #Hiring #CyberSecurity #OffensiveSecurity #Infosec

Potato Soup 🇵🇸 (@joinedserver)
@krzywix @iBSparkes @i41nbeer @_bazad @ProjectZeroBugs While on it, may I ask why you (Google, iVerify, Lookout) let it be repurposed publicly while mentioning there are still a big number of users on vulnerable versions? Every kid can just change the C2 IP and host their full 1-click chain; this is something unexpected.

Mateusz Krzywicki (@krzywix)
@iBSparkes @i41nbeer @_bazad @ProjectZeroBugs I think the reaction is mainly to the full 1-click chain with implants ready to repurpose for criminal activities. The examples you presented from the past are not that. I do not understand the negative reaction to the reimplemented kernel part for jb purposes. Unfortunate naming collision?