Publications

Slides

Intro to Binary Analysis with Z3 and angr

Have you ever wanted to play with angr but found the barrier to entry too high? Or have you seen people do what may as well be straight-up magic using tools like Z3? This workshop...

Slides

Big Game Fuzzing Pwn2Own Safari T2

This talk discussed the trials and tribulations of our Pwn2Own preparation this year for targeting Apple macOS Safari. Both in terms of the tools we have developed for browser vulnerability research and the experience gained whilst...

Publication

Apple Safari Pwn2Own 2018 Whitepaper

This whitepaper describes the vulnerabilities used for Desktop Pwn2Own 2018 and details of the exploits produced. These issues were tested against the latest release of Safari at the time of writing (Version 11.0.3 13604.5.6), running on macOS 10.13.3.

Slides

The Mate Escape - Huawei Pwn2Owning

James Loureiro and Alex Plaskett presented The Mate Escape - Huawei Pwn2Owning at Hacktivity 2018. 

Slides

Chainspotting: Building Exploit Chains with Logic Bugs

Last year at CanSecWest, we celebrated the advantages of logic bugs over memory corruptions and showcased a nice and shiny bug in Chrome on Android from Mobile Pwn2Own 2016.

Whitepaper

Huawei Mate 9 Pro Mobile Pwn2Own 2017

The attached document contains the vulnerabilities which were used for Mobile Pwn2Own 2017 (https://www.thezdi.com/blog/2017/11/2/the-results-mobile-pwn2own-2017-day-two) to compromise the Huawei Mate 9 Pro (LON-AL00 variant).

Whitepaper

Apple Safari - Wasm Section Exploit

As part of our preparation for Pwn2Own 2018, we started investigating WebAssembly (Wasm), as this feature is a relatively new component added to Safari, which was likely to have undergone less assurance than some of the...

Slides

Investigating RF Controls with RTL-SDR

Katie Knowles presented an introduction to Software Defined Radio (SDR) titled 'Signal Safari: Investigating RF Controls with RTL-SDR' at BSidesNYC 2018. This talk gave attendees a crash course in using SDRs to conduct their own RF investigations.

Slides

Corrupting Memory In Microsoft Office Protected-View Sandbox

Yong Chuan Koh presented this talk at Microsoft BlueHat v17. 

Slides

Biting the Apple that feeds you - macOS Kernel Fuzzing

This talk aimed to cover the research undertaken following on from the Defcon presentation on MWR's platform-agnostic kernel fuzzing, to automatically identify critical flaws within Apple macOS.

Whitepaper

Kernel Driver mmap Handler Exploitation

This paper aims to guide its reader towards building a working exploit for Linux kernel driver memory mapping issues. This research was largely motivated by the lack of public step-by-step documentation on how...

Slides

Land, Configure Microsoft Office, Persist

One software product that red teamers will almost certainly find on any compromised workstation is Microsoft Office. This talk discussed the ways that native functionality within Office can be abused to obtain persistence. A wide range of...
