Debugging macOS Kernel using VirtualBox

Update: In the HN discussion, awalton mentioned you can set CPUID flags in VMware. Simply adding cpuid.7.ebx = "-----------0--------------------" to the vmx file will disable SMAP. Late last year, I upgraded my old MBP to the 2016 model with a Skylake processor. As I was debugging a kernel exploit, it turned out that SMAP was enabled inside my VMware Fusion VM. I wanted to avoid dealing with SMAP, but couldn't figure out how to disable it in Fusion. [Read More]

A Shifty Detail in Pegasus

Late last year, Pegasus received all the buzz in the macOS/iOS scene. The spyware was used by nation-state actors, targeting human rights defender Ahmed Mansoor. Developed by NSO Group in Israel, the malware is usually introduced via a malicious link in a text message, and is capable of gaining remote kernel code execution on the target iOS device before jailbreaking it and installing itself onto the victim device. Pegasus leverages 3 vulnerabilities collectively known as Trident: a WebKit memory corruption, a kernel infoleak, and another memory corruption in the kernel. [Read More]

How to think about password managers

There exist numerous methods to authenticate a user to a system, but using only passwords continues to be the dominant choice [1, 2]. Under these circumstances, ideally, a user would have a strong, unique password for each account that he or she has. However, this is an unrealistic expectation for the average human being. Thus, the general population largely uses a handful of weak passwords for all of their user accounts [3, 4, 5, 6]. [Read More]

hello world

Hello world. This is my blog.