Brandon Azad

Elite
@bazad

iOS security research

ida_kernelcache. An IDA Toolkit for analyzing iOS kernelcaches.

303

memctl. An iOS kernel introspection tool.

272

blanket. CVE-2018-4280: Mach port replacement vulnerability in launchd on iOS 11.2.6 leading to sandbox escape, privilege escalation, and codesigning bypass.

260

x18-leak. CVE-2018-4185: iOS 11.2-11.2.6 kernel pointer disclosure introduced by Apple's Meltdown mitigation.

87

rootsh. Local privilege escalation for OS X 10.10.5 via CVE-2016-1828.

86

threadexec. A library to execute code in the context of other processes on iOS 11.

83

presentations. Slides from my conference presentations.

79

ios-command-line-tool. Example showing how to build a standalone iOS executable using Xcode.

71

physmem. Local privilege escalation through macOS 10.12.1 via CVE-2016-1825 or CVE-2016-7617.

66

devicetree-parse. A tool to parse Apple's binary device tree format.

59

launchd-portrep. CVE-2018-4280: Mach port replacement vulnerability in launchd on macOS 10.13.5 leading to local privilege escalation and SIP bypass.

59

xpc-string-leak. CVE-2018-4248: Out-of-bounds read in libxpc during string serialization.

54

macho_gadgets. A tool to find gadgets in the iOS kernelcache.

33

AppleJPEGDriver-memleak. Kernel memory leak/local DOS on iOS 11.

30

ctl_ctloutput-leak. CVE-2017-13868: Information leak of uninitialized kernel heap data in XNU.

27

gsscred-race. CVE-2018-4331: Exploit for a race condition in the GSSCred system service on iOS 11.2.

24

memctl-kext-core. A memctl core for macOS that uses a kernel extension.

15

IOAccelerator-leak. Kernel heap pointer disclosure in IOGraphicsFamily.

13

memctl-tfp0-core. A memctl core for jailbroken iOS devices.

11

xpc-crash. An out-of-bounds read in libxpc that can be used to crash XPC services.

11

bazad.github.io. My security blog.

11

flow_divert-leak. Kernel heap read buffer overflow on macOS/iOS requiring root.

10

mincore-dos. Local denial of service exploit for iOS 11/macOS 10.13.

9

memctl-physmem-core. A memctl core that uses the physmem exploit.

8

kldstat-stack-disclosure. A kernel stack disclosure in FreeBSD.

8

gsscred-move-uaf. CVE-2018-4343: Proof-of-concept for a use-after-free in the GSSCred daemon on macOS and iOS.

7

flow_divert-memleak. Memory leak in XNU requiring root privileges.

6

IOMFB-DOS-1. Local denial of service on iOS 11.2.

6

flow_divert-heap-overflow. Proof-of-concept exploit for CVE-2016-1827 on OS X Yosemite.

4

IOFireWireFamily-null-deref. CVE-2017-2388: Null-pointer dereference in IOFireWireFamily.

3

mach_portal_memctl. An example of how to use libmemctl with mach_portal.

3

sysctl_coalition_get_pid_list-dos. CVE-2017-7173: Local denial of service for iOS requiring root privileges.

3

IOFireWireFamily-overflow. CVE-2016-7608: Buffer overflow in IOFireWireFamily.

2
33
Apply