Brandon Azad's repositories
ida_kernelcache
An IDA Toolkit for analyzing iOS kernelcaches.
threadexec
A library to execute code in the context of other processes on iOS 11.
presentations
Slides from my conference presentations.
ios-command-line-tool
Example showing how to build a standalone iOS executable using Xcode.
launchd-portrep
CVE-2018-4280: Mach port replacement vulnerability in launchd on macOS 10.13.5 leading to local privilege escalation and SIP bypass.
xpc-string-leak
CVE-2018-4248: Out-of-bounds read in libxpc during string serialization.
devicetree-parse
A tool to parse Apple's binary device tree format.
macho_gadgets
A tool to find gadgets in the iOS kernelcache.
AppleJPEGDriver-memleak
Kernel memory leak / local DoS on iOS 11.
ctl_ctloutput-leak
CVE-2017-13868: Information leak of uninitialized kernel heap data in XNU.
gsscred-race
CVE-2018-4331: Exploit for a race condition in the GSSCred system service on iOS 11.2.
memctl-kext-core
A memctl core for macOS that uses a kernel extension.
IOAccelerator-leak
Kernel heap pointer disclosure in IOGraphicsFamily.
flow_divert-leak
Kernel heap read buffer overflow on macOS/iOS requiring root.
memctl-tfp0-core
A memctl core for jailbroken iOS devices.
bazad.github.io
My security blog.
mincore-dos
Local denial of service exploit for iOS 11/macOS 10.13.
kldstat-stack-disclosure
A kernel stack disclosure in FreeBSD.
gsscred-move-uaf
CVE-2018-4343: Proof-of-concept for a use-after-free in the GSSCred daemon on macOS and iOS.
memctl-physmem-core
A memctl core that uses the physmem exploit.
flow_divert-memleak
Memory leak in XNU requiring root privileges.
IOMFB-DOS-1
Local denial of service on iOS 11.2.
IOFireWireFamily-null-deref
CVE-2017-2388: Null-pointer dereference in IOFireWireFamily.
sysctl_coalition_get_pid_list-dos
CVE-2017-7173: Local denial of service for iOS requiring root privileges.
IOFireWireFamily-overflow
CVE-2016-7608: Buffer overflow in IOFireWireFamily.
mach_portal_memctl
An example of how to use libmemctl with mach_portal.