Tim Willis
@itswillis
Long time listener, infrequent tweeter. Head of Project Zero @Google. Views are my own. Still reading: "Brown Bear, Brown Bear, What Do You See?"
Two new posts from @tiraniddo today: googleprojectzero.blogspot.com/2025/01/window… on reviving a memory trapping primitive from his 2021 post. googleprojectzero.blogspot.com/2025/01/window… where he shares a bug class and demonstrates how you can get a COM object trapped in a more privileged process. Happy Reading! 📚
Great to see srldf.org working as intended! This fund would have never launched without the hard work of many, but a special shoutout to @HarleyGeiger and @charley_snyder_ for making it a reality.
Shout out to the Security Research Legal Defense Fund for helping us go public about our train research! We're honored to be their first grantees. Longer post + link to their announcement: social.hackerspace.pl/@q3k/111874181…
Part 7 (!) of @j00ru's Windows Registry adventure is now live: googleprojectzero.blogspot.com/2025/05/the-wi… "I will describe the various areas that are important in the context of low-level security research... all possible entry points to attack the registry... and the primitives they generate"🙌
For those that won't be in Germany next weekend to see @dillon_franke live, this is the next best thing! (post also includes Dillon's fuzzing harness and tools Dillon built along the way) 🎉
Thrilled to announce my new Project Zero blog post is LIVE! 🎉 I detail my knowledge-driven fuzzing process to find sandbox escape vulnerabilities in CoreAudio on MacOS. I'll talk about this and the exploitation process next week @offensive_con! googleprojectzero.blogspot.com/2025/05/breaki…
...and now, introducing Part 6 of @j00ru's work on the Windows Registry: googleprojectzero.blogspot.com/2025/04/the-wi… 📖👀
Part 5 of @j00ru's Windows Registry Adventure is out! googleprojectzero.blogspot.com/2024/12/the-wi… Incredible depth of knowledge on display, and good to see it shared as a reference with the world ❤️
It doesn't happen very often, but Project Zero is hiring! goo.gle/41DBQBY Please share with anyone you think would be awesome for the role 🎉 Looking for at least one person. DMs open if you want to reach out about the role. The team: youtu.be/My_13FXODdU
Great to see Apple quickly patch the MacOS sandbox escape/privilege escalation vulnerability I reported to them. Big thanks to @NedWilliamson, @i41nbeer, and @i41nbeer for all the help :) I'm working on a blog post and hope to release it soon!!
My blog post is now live alongside @amnesty 's joint release, providing remarkable insight into an ITW exploitation campaign! googleprojectzero.blogspot.com/2024/12/qualco… Turns out that you can find out quite a bit with just some kernel stacktraces ;) From Amnesty: securitylab.amnesty.org/latest/2024/12…
If you've ever wondered if one can determine a vuln from just the kernel panic logs, @__sethJenkins (feat. @tehjh & @benoitsevens) have something to share: googleprojectzero.blogspot.com/2024/12/qualco… Great to collaborate with @amnesty, find vulns and get them fixed: securitylab.amnesty.org/latest/2024/12…
Finding 0day is not the most impactful thing that Project Zero does 😲 — it's sharing knowledge 🧠. One part of that sharing is our tooling work to help other devs and researchers. Today's installment, @tiraniddo's updated OleView.NET👍 Blog: googleprojectzero.blogspot.com/2024/12/window…
Project Zero Blogpost recap for the month: googleprojectzero.blogspot.com/2024/10/the-wi… — @j00ru doing another deep dive into the Windows Registry googleprojectzero.blogspot.com/2024/10/effect… — Nick Galloway's dav1d fuzzing case study (new) googleprojectzero.blogspot.com/2024/10/from-n… — an update on using LLMs to find vulns Enjoy! 🎉
"While... public and in-the-wild research on Android GPU drivers [exists], other chipset components may not be as frequently audited so this research sought to explore those drivers in greater detail." Hot tip: There's a video version and a proof of concept exploit at the end👍
My new Project Zero blog post, Driving Forward in Android Drivers is live! 🥳 googleprojectzero.blogspot.com/2024/06/drivin…
Join @j00ru as he shares his research/adventure through the Windows Registry: googleprojectzero.blogspot.com/2024/04/the-wi… 50 CVEs is just the beginning. Future posts will explore the attack surface, history, practical exploitation using hive memory corruption, cell indexes and other good times🎉
New Project Zero blogpost by Mark Brand - first mobile device ships with MTE (and how to enable it). "MTE on a production handset for the first time is a big step forward... there's real potential to use this technology to make 0-day harder". googleprojectzero.blogspot.com/2023/11/first-…
"This... modern in-the-wild Android exploitation... chain [relies] on n-days to bypass the hardest security boundaries - code execution from a remote context to system_server was achieved solely with n-day exploits." Great work by @__sethJenkins and team 👍
I just released a blog post on an Android ITW exploit chain: googleprojectzero.blogspot.com/2023/09/analyz… A big thanks to Google TAG and the other members of Project Zero who participated in the creation of this blog post and analysis of the chain!
Bittersweet to see @maddiestone and the ITW mission leave Project Zero: sad to see it go, but very pleased that it became a team within TAG, now with four people working on this mission and already finding some serious ITW 0-day! So long, and thanks for all the RCAs! 🥲
Four years ago I joined Project Zero as a part of an "experiment", to create & lead a new effort focused on ITW 0day exploits. It has been an amazing ride & I feel so honored & lucky to have been a part of this incredible team full of fantastic humans.
not every day 4 world-class security teams (all from Google, though that's not all of them...TAG, Mandiant, CrOS Security, and more) co-author a doc... #powerofopen storage.googleapis.com/gweb-uniblog-p…
Does it feel like vulnerability management is just a game of whack-a-mole? A vulnerability is found, patched and then another pops up — rinse and repeat. Check out @Google’s new Initiatives to reduce the risk of vulnerabilities and protect researchers. blog.google/technology/saf…
Happy to be in DC today to help launch the Security Research Legal Defense Fund srldf.org Let's do what we can to better protect security researchers, and not shoot the messenger. Instead, let's embrace the messenger, which will make us all safer in the end✌️