Interacting with Samsung radio layer (RILD)
Samsung Android phones expose a local socket to communicate with RILD. Security checks protecting this socket can be circumvented, permitting any App to inte...

Fast coverage analysis for binary applications
A description of FuzzTrace, a hardware-assisted tracing tool for analyzing closed-source applications, using Intel BTS.

Time to fill OS X (Blue)tooth: Local privilege escalation vulnerabilities in Yosemite
A post about multiple security issues affecting the IOBluetoothHCIController OS X kernel extension (Yosemite).

Mac OS X local privilege escalation (IOBluetoothFamily)
Discussion of a security vulnerability affecting the OS X kernel extension IOBluetoothFamily, exploitable by a local attacker to gain root privileges.

Introducing QTrace, a “zero knowledge” system call tracer
QTrace is a syscall tracer that requires no information about the structure of arguments, as it infers their format by observing kernel memory access patterns.

Owning Samsung phones for fun (…but with no profit :-))
An overview of multiple security vulnerabilities affecting some Samsung proprietary Android components.