Vulnerability Research Digest - Issue 1 (macOS/iOS in 2022)

In the past few years I created some twitter threads (e.g. Windows Kernel Security Linux Kernel Security) on a number of publications I found the most interesting within the vulnerability research space, this didn’t really give me that much space to actually provide detail or allow this to be stored within a format which is easily accessible and I could refer back too. Therefore this years vulnerability research digest is going to be on my blog too.

Read More

Demystifying Security Research - Part 1

There are a number of key questions which are always asked by people wanting to get into security research, find out more about how others go about it or just generally improve their processes. In this post I want to highlight some of things which work for me and some guidance which may help for others. This is a rare less technical post by me as it feels like a lot of the time people see the end results of the research but the process of getting there and the challenges faced is less obvious.

Read More

Coverage Guided Fuzzing in Go

Recently I had the need to explore coverage guided fuzzing in Go. Whilst there is a bit of information scattered around on multiple different sites, as someone who is fairly new to Go, I couldn’t find a good concise source of information on what is already out there and the current state of play of fuzzer tooling within the Go world.

Read More

KASAN Info Leak Detection

In my previous blog post I dug into a general overview of the KASAN implementation in XNU. This post goes more in depth in detecting kernel uninitialized information leaks using it (no 0days dropped here :)). Kernel Information Leaks to userland are a common problem and can be used to leak confidential information or disclose kernel memory addresses which are typically used to bypass KASLR. An example of this type of vulnerability is CVE-2017-13868.

Read More