In the part 1 of my tutorial style blog post about fuzzing, I discussed how we can instrument the macOS KEXTs to collect code coverage at the basic block or edge level.| My interesting research.
This blog post is a reshare of a personal note I wrote 15 years ago, and I’m sharing it here for nostalgic reasons. fast forward to 2024, and we now have KASAN integrated into the Windows kernel.| My interesting researches
During our recent fuzzing efforts on various subsystems of the Linux kernel, we encountered a kernel panic. Interestingly, the kernel panic that exposed the vulnerability was not directly related to the input seed generated by our fuzzer. Instead, it was the fuzzer’s activity itself that inadvertently triggered the bug. Although the initial sample generated by the fuzzer didn’t provide a direct proof of concept (PoC), a thorough analysis of the panic log enabled us to develop a PoC for th...| My interesting researches
https://github.com/R00tkitSMM/CVE-2024-27804| My interesting researches
MS15-061 is a Use After Free vulnerability in Windows Kernel. A malicious application can exploit it be able to execute arbitrary code with kernel privileges.| My interesting researches
ImageIO is Apple’s Framework that handles image parsing, which exposes 0click attack surface| My interesting researches
Update:| My interesting researches
Hi everyone! I’m really happy to tell you about my experimenting adventure today. I decided to experiment with KCOV and see how I can hook it into libfuzzer and boot the kernel without spending too much on building a root file system.| My interesting researches
This blog post is the result of some weekend research, where I delved into Pishi, a static macOS kernel binary rewriting tool. During the weekdays, I focus on Linux kernel security at my job and would rather not investigate the Windows kernel again, which leaves macOS/iOS as the only remaining option.| My interesting researches