Karol Mazurek
@karmaz95
Portfolio: https://github.com/karmaz95
Thanks @8ksec for the recent #ARM64 #CTF. I wish to see Battleground continue to grow! In the blog below, I have gathered some learning resources about ARM64 that will save others' time. Additionally, you'll find a write-up about one of the challenges. patreon.com/posts/arm64-re…
We released new Pwndbg: github.com/pwndbg/pwndbg/… ! It brings new kernel commands for dumping heap allocator info, display of not taken branches (X marker) in disasm, better disasm for ARM/MIPS/LoongArch64, initial s390x support & more! Sponsor us at github.com/sponsors/pwndbg !
A short post about a #redteam from last year, where employees installed software from a shared SMB. It demonstrates how DLL hijacking in the Check Point SmartConsole installer (CVE-2024-24916) can be exploited for initial access on #Windows. Enjoy afine.com/dll-hijacking-…
Think RAM forgets? 🤔 Not always. See how secrets can leak, what mitigations exist on major OS like #macOS, #Windows, #Linux, and what devs can do: afine.com/when-memory-re…
My "Finding Vulnerabilities in Apple Packages at Scale" talk is up on YT 🎉
All talks from #SecurityFest are now published on YouTube for your enjoyment. Grab some popcorn and binge watch! youtube.com/@securityfest
Here's an updated list of C/C++ programs that are totally memory safe because I ported them to Fil-C. In many cases they require zero changes or just small cosmetic changes! - musl libc - libc++ (C++) - libc++abi (C++) - WG14 signals - libuev - icu4c (C++) - zlib - bzip2 -…
Well, it happened. The company I worked at for 6 years will be closing and thus I got laid off. This doesn't affect @octopwn operations in any negative ways, but I'm actively looking for a new day job. If someone has something please DM me. Retweets are appreciated.
My next book is open for pre-orders!!! I have included the first two chapters in audiobook form for free. You can listen to them now on my website or you can listen and read the sample on Apple Books. Looking forward to getting it into your hands. themittenmac.com/threat-hunting…
My writeup on CVE-2025-31200. This one's an interesting one: blog.noahhw.dev/posts/cve-2025…. Thanks to @bellis1000 for the shoutout.
Our new blog post is live: blog.dfsec.com/ios/2025/05/30…
Most #macOS devs often underestimate #Apple #TCC. I used to—until I wrote #malware and hit that wall. TCC is the last line protecting users even after compromise. In my latest post, I explain why vendors should care. Enjoy! afine.com/threat-of-tcc-…
This Video Can Exploit Your iPhone (CVE-2025-31200) youtu.be/nTO3TRBW00E?si…
You can find the slides for my today's @bsidesbud talk (Apple Disk-O Party) on my site: theevilbit.github.io/talks/
Thrilled to announce my new Project Zero blog post is LIVE! 🎉 I detail my knowledge-driven fuzzing process to find sandbox escape vulnerabilities in CoreAudio on MacOS. I'll talk about this and the exploitation process next week @offensive_con! googleprojectzero.blogspot.com/2025/05/breaki…
Oligo Security researchers uncovered critical vulnerabilities in Apple's AirPlay protocol, affecting billions of devices—allowing zero-click remote attacks, privilege escalation, MITM, and more. Update immediately to iOS 18.4 & MacOS 15.4. oligo.security/blog/airborne #CyberSecurity
That sandbox escape 🪣 took a year to fix! Two interesting takes: 1. This is a generic sandbox escape for any app using security-scoped bookmarks. 2. Keychain item redefinition attacks are scary - the potential goes beyond this vulnerability.
Microsoft uncovered a vulnerability, tracked as CVE-2025-31191, in macOS that could allow specially crafted codes to escape the App Sandbox without user interaction and run unrestricted on systems. msft.it/6017SRCif
How a simple #fuzzing payload bypassed an entitlement check and triggered a #kernel panic on #macOS in the IOMobileFramebuffer driver. Patched in 15.4. Enjoy! #RE #Vulnerability #Research #PoC afine.com/case-study-iom…
Apple will (finally!) bring TCC events to Endpoint Security in macOS 15.4 🥳 I've just posted "TCCing is Believing" which covers details, nuances, and PoC code for the new 'ES_EVENT_TYPE_NOTIFY_TCC_MODIFY' event objective-see.org/blog/blog_0x7F…
It's here. My write-up for CVE-2024-54471. Enjoy :) wts.dev/posts/password…