Ben Hawkes Profile
Ben Hawkes

@benhawkes

Followers
34,672
Following
446
Media
3
Statuses
831
@benhawkes
Ben Hawkes
8 years
An immutable law of security research: if you find a vulnerability, someone will describe your handling of it as 'irresponsible'.
10
324
855
@benhawkes
Ben Hawkes
4 years
Apple have fixed three issues reported by Project Zero that were being actively exploited in the wild. CVE-2020-27930 (RCE), CVE-2020-27950 (memory leak), and CVE-2020-27932 (kernel privilege escalation). The security bulletin is available here:
15
381
892
@benhawkes
Ben Hawkes
1 year
"The WebP 0day" -- a full technical analysis of the recently patched vulnerability in the WebP image library that was exploited in the wild (CVE-2023-4863).
15
332
839
@benhawkes
Ben Hawkes
8 years
Project Zero exploit for iOS 10.1.1 by Ian Beer:
52
484
683
@benhawkes
Ben Hawkes
4 years
It looks like we won't be able to use the Apple "Security Research Device" due to the vulnerability disclosure restrictions, which seem specifically designed to exclude Project Zero and other researchers who use a 90 day policy.
12
177
704
@benhawkes
Ben Hawkes
5 years
Project Zero's tracking sheet for zero-day exploits that were detected "in the wild":
6
360
671
@benhawkes
Ben Hawkes
7 years
Ian Beer's userspace research tool for iOS 10.0 to 10.3.2 has been released here:
37
355
596
@benhawkes
Ben Hawkes
7 years
Project Zero blog: "aPAColypse now: Exploiting Windows 10 in a Local Network with WPAD/PAC and JScript" by @ifsecure , @halvarflake , @tiraniddo and @bool101 -
6
484
643
@benhawkes
Ben Hawkes
2 years
After 12 years at Google, it's time to say goodbye! Watching the growth and achievements of the Google security team over the past 12 years has been an incredible experience. Important problems, and a bunch of amazing people. For me though, it's time to try something new. 1/3
12
25
665
@benhawkes
Ben Hawkes
5 years
Welcome Maddie Stone ( @maddiestone ) to Project Zero! Maddie is leading a new effort to study 0day exploits in the wild.
28
47
630
@benhawkes
Ben Hawkes
6 years
Project Zero is hiring! Vulnerability research, exploit development, tooling development, and using security research results to drive long-term improvements in software/hardware security.
14
304
579
@benhawkes
Ben Hawkes
4 years
This is a list of the most commonly exploited vulnerabilities between 2016 and 2019, from CISA and FBI. Unfortunately they didn't share their methodology, but let's take a closer look at the CVEs, because I think the list shows an interesting trend.
@CISACyber
CISA Cyber
4 years
Check out @CISAgov and @FBI 's Alert on the Top 10 CVEs routinely exploited by foreign cyber actors. Patch ASAP to reduce your risk. #Cyber #Cybersecurity #InfoSec
1
124
170
6
303
597
@benhawkes
Ben Hawkes
7 years
iOS 10.3.3 fixes CVE-2017-7047. If you’re interested in userspace research on iOS, keep a device on 10.3.2 or below. Tool release next week.
55
288
521
@benhawkes
Ben Hawkes
4 years
Project Zero discovered and reported an actively exploited 0day in freetype that was being used to target Chrome. A stable release that fixes this issue (CVE-2020-15999) is available here:
9
206
533
@benhawkes
Ben Hawkes
5 years
Project Zero blog: "The Fully Remote Attack Surface of the iPhone" by Natalie Silvanovich ( @natashenka ) -
4
262
534
@benhawkes
Ben Hawkes
7 years
Project Zero blog: "The Great DOM Fuzz-off of 2017" by @ifsecure (w/ new open source fuzzer) -
4
348
506
@benhawkes
Ben Hawkes
6 years
Project Zero blog: "Detecting Kernel Memory Disclosure – Whitepaper" by @j00ru -
1
257
486
@benhawkes
Ben Hawkes
6 years
CVE-2019-7286 and CVE-2019-7287 in the iOS advisory today () were exploited in the wild as 0day.
14
248
442
@benhawkes
Ben Hawkes
7 years
Project Zero blog post: "Reading privileged memory with a side-channel" by Jann Horn ( @tehjh ) -
1
433
469
@benhawkes
Ben Hawkes
7 years
Project Zero blog: "Over The Air - Vol. 2, Pt. 3: Exploiting The Wi-Fi Stack on Apple Devices" by @laginimaineb -
9
305
452
@benhawkes
Ben Hawkes
8 years
Project Zero blog: "Over The Air: Exploiting Broadcom’s Wi-Fi Stack (Part 1)" by @laginimaineb -
2
422
432
@benhawkes
Ben Hawkes
4 years
Excited to welcome @NedWilliamson to Project Zero today! A keen viewer might have noticed that Ned was previously working with us on a 20% project, but now will be joining the team full time. Welcome, Ned!
21
37
438
@benhawkes
Ben Hawkes
7 years
Project Zero blog: "Over The Air - Vol. 2, Pt. 1: Exploiting The Wi-Fi Stack on Apple Devices" by @laginimaineb -
4
272
385
@benhawkes
Ben Hawkes
7 years
Project Zero blog: "Over The Air - Vol. 2, Pt. 2: Exploiting The Wi-Fi Stack on Apple Devices" by @laginimaineb -
8
318
380
@benhawkes
Ben Hawkes
6 years
Project Zero blog: "Virtually Unlimited Memory: Escaping the Chrome Sandbox" by Mark Brand -
2
201
395
@benhawkes
Ben Hawkes
7 years
Project Zero blog: "Using Binary Diffing to Discover Windows Kernel Memory Disclosure Bugs" by @j00ru -
5
270
380
@benhawkes
Ben Hawkes
6 years
Project Zero blog: "365 Days Later: Finding and Exploiting Safari Bugs using Publicly Available Tools" by @ifsecure -
0
186
357
@benhawkes
Ben Hawkes
6 years
Project Zero blog: "Windows Exploitation Tricks: Abusing the User-Mode Debugger" by James Forshaw ( @tiraniddo ) -
1
212
375
@benhawkes
Ben Hawkes
6 years
Project Zero blog: "Injecting Code into Windows Protected Processes using COM - Part 1" by @tiraniddo -
1
231
360
@benhawkes
Ben Hawkes
8 years
Project Zero blog: "Exception-oriented exploitation on iOS" by Ian Beer -
9
178
323
@benhawkes
Ben Hawkes
6 years
We're excited to welcome Samuel Gross ( @5aelo ) and Sergei Glazunov to Project Zero!
17
50
338
@benhawkes
Ben Hawkes
4 years
In addition to last week's Chrome/freetype 0day (CVE-2020-15999), Project Zero also detected and reported the Windows kernel bug (CVE-2020-17087) that was used for a sandbox escape. The technical details of CVE-2020-17087 are now available here:
3
164
336
@benhawkes
Ben Hawkes
5 years
Project Zero guest blog post: "Escaping the Chrome Sandbox with RIDL" by Stephen Röttger ( @_tsuro ) --
1
141
339
@benhawkes
Ben Hawkes
8 years
Project Zero blog: "Over The Air: Exploiting Broadcom’s Wi-Fi Stack (Part 2)" by @laginimaineb -
4
305
325
@benhawkes
Ben Hawkes
6 years
I'll be speaking at Black Hat this year on lessons learned from the past 5 years of Project Zero, and other fun things!
@BlackHatEvents
Black Hat
6 years
ANNOUNCEMENT: The first 5 Briefings selected for #BHUSA 2019 have just been posted. Lots more to come, but check out these abstracts for an early sampling
0
19
58
3
50
320
@benhawkes
Ben Hawkes
7 years
Project Zero guest blog post: "Exploiting the Linux kernel via packet sockets" by @andreyknvl -
0
269
321
@benhawkes
Ben Hawkes
7 years
Project Zero blog post: "Windows Exploitation Tricks: Exploiting Arbitrary File Writes for Local Elevation of Privilege" by James Forshaw ( @tiraniddo ) -
0
217
301
@benhawkes
Ben Hawkes
7 years
In three years, Project Zero has helped fix over 1000 vulnerabilities:
5
145
309
@benhawkes
Ben Hawkes
6 years
Project Zero blog: "Adventures in Video Conferencing Part 1: The Wild World of WebRTC" by @natashenka -
0
165
310
@benhawkes
Ben Hawkes
4 years
Project Zero blog: "Attacking the Qualcomm Adreno GPU" --
2
142
314
@benhawkes
Ben Hawkes
5 years
We're excited to welcome Felix Wilhelm ( @_fel1x ) to Project Zero today!
20
18
307
@benhawkes
Ben Hawkes
6 years
Project Zero blog: "Injecting Code into Windows Protected Processes using COM - Part 2" by @tiraniddo -
0
177
294
@benhawkes
Ben Hawkes
6 years
Project Zero blog: "Searching statically-linked vulnerable library functions in executable code" by @halvarflake -
2
168
283
@benhawkes
Ben Hawkes
4 years
Today Chrome fixed two more vulnerabilities that were being actively exploited in the wild (discovered by Project Zero/Google TAG last week). CVE-2020-16009 is a v8 bug used for remote code execution, CVE-2020-16010 is a Chrome sandbox escape for Android.
5
117
287
@benhawkes
Ben Hawkes
4 years
We'll continue to research Apple platforms and provide Apple with all of our findings, because we think that's the right thing to do for user security. But I'll confess, I'm pretty disappointed.
3
23
277
@benhawkes
Ben Hawkes
4 years
I'm very excited to be switching to a "technical lead" role at Project Zero! Tim Willis ( @itswillis ) will be taking over our team management role, and I'll continue working with Tim on leadership stuff, but with more of a research focus overall. (1/2)
12
18
290
@benhawkes
Ben Hawkes
6 years
We're excited to welcome @_bazad to Project Zero! He'll be continuing his research work on iOS/macOS security.
8
33
271
@benhawkes
Ben Hawkes
6 years
Project Zero blog: "Windows Exploitation Tricks: Exploiting Arbitrary Object Directory Creation for Local Elevation of Privilege" by @tiraniddo -
1
190
273
@benhawkes
Ben Hawkes
2 years
Next up for me: a short break to enjoy the summer here in San Diego, and then I'll be starting my own company focused on application security -- a new set of challenges! 3/3
28
2
282
@benhawkes
Ben Hawkes
7 years
Project Zero blog "Windows Exploitation Tricks: Arbitrary Directory Creation to Arbitrary File Read" by @tiraniddo -
0
235
254
@benhawkes
Ben Hawkes
5 years
Nice new WiFi remote iOS bug from @i41nbeer today, CVE-2020-3843. "Currently this poc demonstrates the ability to remotely dump device physical memory regions over the air with no user interaction on iPhone 11 Pro running iOS 13.3."
@i41nbeer
Ian Beer
5 years
A little PoC for dumping physical memory from iPhone 11 pro, no cables required ;)
32
417
1K
1
104
257
@benhawkes
Ben Hawkes
6 years
Project Zero blog: "voucher_swap: Exploiting MIG reference counting in iOS 12" by Brandon Azad ( @_bazad ) -
1
91
229
@benhawkes
Ben Hawkes
5 years
Project Zero blog: "Mitigations are attack surface, too" by Jann Horn ( @tehjh ) --
0
105
250
@benhawkes
Ben Hawkes
6 years
Project Zero blog: "The Curious Case of Convexity Confusion" by Ivan Fratric ( @ifsecure ) -
0
93
232
@benhawkes
Ben Hawkes
6 years
Project Zero blog: "A cache invalidation bug in Linux memory management" by @tehjh --
2
149
240
@benhawkes
Ben Hawkes
6 years
Project Zero blog: "The Problems and Promise of WebAssembly" by @natashenka -
1
121
240
@benhawkes
Ben Hawkes
6 years
Project Zero blog: "OATmeal on the Universal Cereal Bus: Exploiting Android phones over USB" by @tehjh -
1
151
234
@benhawkes
Ben Hawkes
4 years
New blog post series from @5aelo on exploiting the WebKit JIT engine! Part 1 (introducing a JIT engine bug): Part 2 (getting arbitrary read/write): Part 3 (bypassing PAC and the final exploit):
2
102
231
@benhawkes
Ben Hawkes
7 years
Project Zero blog: "Trust Issues: Exploiting TrustZone TEEs" by @laginimaineb -
8
189
220
@benhawkes
Ben Hawkes
6 years
Project Zero blog: "Heap Feng Shader: Exploiting SwiftShader in Chrome" by Mark Brand -
0
119
204
@benhawkes
Ben Hawkes
8 years
Ian Beer's exploit for CVE-2017-2370 (kernel memory r/w on iOS 10.2):
5
156
191
@benhawkes
Ben Hawkes
1 year
"How to Build a Fuzzing Corpus" introduces some of the basic theory behind using a seed corpus for fuzzing, and answers three key questions: what is a seed corpus, why are they useful, and how can we build one from scratch?
5
84
223
@benhawkes
Ben Hawkes
8 years
Project Zero blog: "Pandavirtualization: Exploiting the Xen hypervisor" by @tehjh -
0
182
198
@benhawkes
Ben Hawkes
9 years
In 2015, Google Project Zero reported 17% of all MS security bugs, and 37% of Adobe Flash bugs. Ian Beer alone was 8% of iOS/OSX CVEs.
7
190
195
@benhawkes
Ben Hawkes
8 years
Very excited to welcome @lokihardt to the Project Zero research team!
9
94
193
@benhawkes
Ben Hawkes
8 years
PSA from Ian Beer: if you’re interested in bootstrapping iOS sandbox and kernel research, keep a research-only device on 10.1.1.
6
106
178
@benhawkes
Ben Hawkes
6 years
Project Zero blog: "Examining Pointer Authentication on the iPhone XS" by Brandon Azad ( @_bazad ) -
4
87
196
@benhawkes
Ben Hawkes
6 years
Project Zero blog: "Taking a page from the kernel's book: A TLB issue in mremap()" by @tehjh -
2
105
183
@benhawkes
Ben Hawkes
5 years
Project Zero guest blog: "Trashing the Flow of Data" by Stephen Röttger ( @_tsuro ) -
3
95
191
@benhawkes
Ben Hawkes
8 years
Project Zero blog: "Lifting the (Hyper) Visor: Bypassing Samsung’s Real-Time Kernel Protection" by @laginimaineb -
0
163
174
@benhawkes
Ben Hawkes
4 years
I think we first asked Apple for a security research test device in 2014 or early 2015. And since then we've reported over 350 security vulnerabilities to Apple.
2
17
171
@benhawkes
Ben Hawkes
5 years
Project Zero blog: "SockPuppet: A Walkthrough of a Kernel Exploit for iOS 12.4" by Ned Williamson ( @NedWilliamson ) --
0
87
186
@benhawkes
Ben Hawkes
7 years
Project Zero blog: "Bypassing VirtualBox Process Hardening on Windows" by @tiraniddo -
3
123
171
@benhawkes
Ben Hawkes
1 year
I just posted an article called "The Legacy of Stagefright" which explores the impact that the Stagefright vulnerabilities had on Android platform security:
3
73
185
@benhawkes
Ben Hawkes
6 years
Project Zero blog: "On VBScript" by @ifsecure -
2
99
172
@benhawkes
Ben Hawkes
6 years
Project Zero blog: "Bypassing Mitigations by Attacking JIT Server in Microsoft Edge" by @ifsecure -
1
104
164
@benhawkes
Ben Hawkes
5 years
Project Zero blog: "A day^W^W Several months in the life of Project Zero - Part 1: The Chrome bug of suffering" by Sergei Glazunov and Mark Brand --
1
55
159
@benhawkes
Ben Hawkes
4 years
Talking to @5aelo about this recently, it sounded like Apple put a non-trivial amount of effort into improving iMessage security in iOS 14 (IIRC: a significant rewrite, reduction of native code, better sandboxing, breaking the read receipts oracle, and fixing some PAC bypasses).
3
41
161
@benhawkes
Ben Hawkes
6 years
Project Zero blog: "Drawing Outside the Box: Precision Issues in Graphic Libraries" by @ifsecure and Mark Brand --
1
97
163
@benhawkes
Ben Hawkes
1 year
New Isosceles blog: -- "An Introduction to Exploit Reliability" is a short, high-level overview of exploit reliability from a defensive point-of-view. What is exploit reliability? What can defenders do to make writing a reliable exploit harder?
4
47
165
@benhawkes
Ben Hawkes
7 years
@laginimaineb We also released the memory research platform for iOS that is described in Part 1 here:
1
75
148
@benhawkes
Ben Hawkes
4 years
Our good friend @_bazad has a few things left over in the Project Zero publishing pipeline -- "it's really easy to miss bugs, even ones that you feel should have been obvious".
@ProjectZeroBugs
Project Zero Bugs
4 years
Oops, I missed it again!
1
46
175
3
33
156
@benhawkes
Ben Hawkes
9 years
And remarkably, @natashenka individually reported 25% of all Flash bugs, making her the most prolific reporter of Adobe vulns in 2015.
6
90
136
@benhawkes
Ben Hawkes
8 years
Project Zero blog: "task_t considered harmful" by Ian Beer (design issue in iOS/MacOS) -
3
142
141
@benhawkes
Ben Hawkes
1 year
What is a "good" Linux Kernel bug? "In the world of vulnerability research, we like to call bugs 'good' if they're bad, and 'bad' if they're either boring or completely catastrophic."
3
59
154
@benhawkes
Ben Hawkes
2 years
I'm particularly proud of my team at Project Zero. The past 8 years have been one huge adventure, and I've had the best companions along the way. I'm just so genuinely grateful to have been a part of this team. Keep making great art, and I'll see you all soon! 2/3
1
2
145
@benhawkes
Ben Hawkes
8 years
Project Zero blog: "A year of Windows kernel font fuzzing #1 : the results" by @j00ru -
1
149
140
@benhawkes
Ben Hawkes
6 years
Project Zero blog: "Splitting atoms in XNU" by Ian Beer ( @i41nbeer ) -
2
74
136
@benhawkes
Ben Hawkes
5 years
Project Zero blog: "Remote iPhone Exploitation Part 1: Poking Memory via iMessage and CVE-2019-8641" by Samuel Groß ( @5aelo ) --
0
55
132
@benhawkes
Ben Hawkes
7 years
Project Zero blog: "Exploiting .NET Managed DCOM" by @tiraniddo -
0
95
127
@benhawkes
Ben Hawkes
8 years
Project Zero blog: Attacking the Windows NVIDIA Driver by @halbecaf -
3
137
132
@benhawkes
Ben Hawkes
6 years
Project Zero blog: "Android Messaging: A Few Bugs Short of a Chain" by Natalie Silvanovich ( @natashenka ) -
1
54
127
@benhawkes
Ben Hawkes
6 years
Welcome Tim Willis ( @itswillis ) to Project Zero! Tim will be working as an engineering manager/team lead in our Zurich office, initially focusing on partnerships, policy, and strategy. Will this be the moment that Tim finally starts using Twitter? Only time will tell...
8
7
122
@benhawkes
Ben Hawkes
5 years
Project Zero Vulnerability Disclosure FAQ -
4
45
125
@benhawkes
Ben Hawkes
5 years
Project Zero blog: "Bad Binder: Android In-The-Wild Exploit" by Maddie Stone ( @maddiestone ) -
1
64
120