BlueHatIL 2022 - Security Analysis of MTE Through Examples: slides, video, repo
Blackhat USA 2021 - Security Analysis of CHERI ISA: slides, video
Blackhat USA 2020 - Breaking VSM by Attacking SecureKernel: slides, video
35C3 - Modern Windows Userspace Exploitation: slides, video, repo
Recon BRX 2018 - Linux Vulnerabilities Windows Exploits: slides, repo
BlueHatIL 2018 - Linux Vulnerabilities Windows Exploits: slides, video, repo
MICRO '23 CHERIoT: Complete Memory Safety for Embedded Devices
CHERIoT: Rethinking security for low-cost embedded systems
Security analysis of CHERI ISA
Evaluating the feasibility of enabling SMAP for the Windows kernel
LFH Internals and Exploitation (Hebrew)
Survey of security mitigations and architectures, December 2022
CHERIoT:
ipc_kmsg_get_from_kernel vulnerability: iOS 15.4 - root cause analysis, part 2 - exploitation primitive, part 3 - more overlaps
iOS 16 beta:
iBoot Firebloom:
Bindiff and POC for the IOMFB vulnerability, iOS 15.0.2
WebContent->EL1 LPE: OOBR in AppleCLCD / IOMobileFrameBuffer
Exhaust EL1 memory from the app sandbox
str::repeat - stable wildcopy exploit of CVE-2018-1000810
Attacking the VM Worker Process
First Steps in Hyper-V Research
Deterministic LFH - bypass && mitigate LFH randomization
Warm up exercises: preparing for the Ubuntu 21.10 CTFs
echo pwn challenge, googlequals2020 - solution