PHP filter_var shenanigans

It is likely that we have all seen PHP filters that prevent us from encountering vulnerabilities. Here in this blog post, I’ll walk you through my thought process for bypassing a filter by looking for a bug in the filter itself in order to reach a bug!

Escaping privileged containers for fun

Despite the fact that it is not a ‘real’ vulnerability, escaping privileged Docker containers is nevertheless pretty funny. And because there will always be people who will come up with reasons or excuses to run a privileged container (even though you really shouldn’t), this could really be handy at some point in the future.

Variant analysis of the ‘Sequoia’ bug

I imagine we’ve all heard about the recent ‘Sequoia’ bug discovered by the Qualys Research team. It’s a fascinating bug so I decided to do variant analysis using CodeQL!

A story about an Apple and two fetches

Mistreatment by Apple Security is unfortunately something you’re likely to come across on a regular basis. Usually this concerns people that conduct free work for Apple in their spare time by auditing their assets. Despite Apple’s website claiming the opposite, you’ll frequently find things like quiet patching, no credit, no bounties, and an appalling lack of communication.

Setting Up a Kernel Debugging Environment

Following up on my first blog post, I’ve received a few requests to write about setting up a debugging environment; however, since everybody uses different emulators and so on, I’ll mainly focus on which config options are useful!