Breaking SIP with Apple-signed Packages
May 2, 2024
By Michael Cowell
The original topic of my first blog post, posted approximately a year ago, was to discuss how command injection vulnerabilities are present in PackageKit on macOS. While writing the article, I found some Apple-signed packages which had command injection vulnerabilities which could be used to bypass SIP.
JEB Unchained
November 14, 2023
By Antonio Fuerte
JEB is a reverse engineering tool that can analyze several file formats, e.g. Siemens Simatic PLC software, Ethereum smart contracts, as well as native code, and Android.
We are going to focus on Android, since JEB is the standard de facto for this platform.
SCUDO HARDENED ALLOCATOR — UNOFFICIAL INTERNALS DOCUMENTATION
September 21, 2023
By Rodrigo Branco
SCUDO is a user-mode memory allocator developed by Google, based on the LLVM Sanitizers’ Combined allocator and with a focus on practical security. Given that SCUDO’s primary objective is security, this article also covers some of the decisions made, trade-offs and limitations.
VMWARE WORKSPACE ONE ACCESS
February 27, 2023
By Steven Seeley
In 2022, I conducted research against VMWare Workspace ONE Access and was able to find a remote code execution vulnerability triggerable by an authenticated administrator. Although authentication is required, past authentication bypass vulnerabilities have been published. As an aside, if you’re interested in this sort of work, here at Trenchant we perform vulnerability research against a wide variety of interesting and challenging targets!