ida_kernelcache. An IDA Toolkit for analyzing iOS kernelcaches.
303memctl. An iOS kernel introspection tool.
272blanket. CVE-2018-4280: Mach port replacement vulnerability in launchd on iOS 11.2.6 leading to sandbox escape, privilege escalation, and codesigning bypass.
260x18-leak. CVE-2018-4185: iOS 11.2-11.2.6 kernel pointer disclosure introduced by Apple's Meltdown mitigation.
87rootsh. Local privilege escalation for OS X 10.10.5 via CVE-2016-1828.
86threadexec. A library to execute code in the context of other processes on iOS 11.
83presentations. Slides from my conference presentations.
79ios-command-line-tool. Example showing how to build a standalone iOS executable using Xcode.
71physmem. Local privilege escalation through macOS 10.12.1 via CVE-2016-1825 or CVE-2016-7617.
66devicetree-parse. A tool to parse Apple's binary device tree format.
59launchd-portrep. CVE-2018-4280: Mach port replacement vulnerability in launchd on macOS 10.13.5 leading to local privilege escalation and SIP bypass.
59xpc-string-leak. CVE-2018-4248: Out-of-bounds read in libxpc during string serialization.
54macho_gadgets. A tool to find gadgets in the iOS kernelcache.
33AppleJPEGDriver-memleak. Kernel memory leak/local DOS on iOS 11.
30ctl_ctloutput-leak. CVE-2017-13868: Information leak of uninitialized kernel heap data in XNU.
27gsscred-race. CVE-2018-4331: Exploit for a race condition in the GSSCred system service on iOS 11.2.
24memctl-kext-core. A memctl core for macOS that uses a kernel extension.
15IOAccelerator-leak. Kernel heap pointer disclosure in IOGraphicsFamily.
13memctl-tfp0-core. A memctl core for jailbroken iOS devices.
11xpc-crash. An out-of-bounds read in libxpc that can be used to crash XPC services.
11bazad.github.io. My security blog.
11flow_divert-leak. Kernel heap read buffer overflow on macOS/iOS requiring root.
10mincore-dos. Local denial of service exploit for iOS 11/macOS 10.13.
9memctl-physmem-core. A memctl core that uses the physmem exploit.
8kldstat-stack-disclosure. A kernel stack disclosure in FreeBSD.
8gsscred-move-uaf. CVE-2018-4343: Proof-of-concept for a use-after-free in the GSSCred daemon on macOS and iOS.
7flow_divert-memleak. Memory leak in XNU requiring root privileges.
6IOMFB-DOS-1. Local denial of service on iOS 11.2.
6flow_divert-heap-overflow. Proof-of-concept exploit for CVE-2016-1827 on OS X Yosemite.
4IOFireWireFamily-null-deref. CVE-2017-2388: Null-pointer dereference in IOFireWireFamily.
3mach_portal_memctl. An example of how to use libmemctl with mach_portal.
3sysctl_coalition_get_pid_list-dos. CVE-2017-7173: Local denial of service for iOS requiring root privileges.
3IOFireWireFamily-overflow. CVE-2016-7608: Buffer overflow in IOFireWireFamily.
2