A local privilege escalation chain from user to kernel for MacOS < 10.15.5. CVE-2020–9854
☆86Oct 15, 2020Updated 5 years ago
Alternatives and similar repositories for unauthd
Users that are interested in unauthd are comparing it to the libraries listed below
Sorting:
- ☆35Dec 20, 2020Updated 5 years ago
- Binary Format of iOS 13 Sandbox Profile Collection☆52Oct 30, 2019Updated 6 years ago
- kernel exploit for Apple iOS 13.X☆185Nov 27, 2020Updated 5 years ago
- Experiment to attempt to build Apple's dyld tools.☆64May 29, 2020Updated 5 years ago
- iOS 12.0-13.3 tfp0☆153Nov 16, 2020Updated 5 years ago
- p-joker -- iOS/MacOS kernelcache/kexts analysis tool☆111May 18, 2020Updated 5 years ago
- Objective C classdump for IDA Pro☆147Sep 1, 2020Updated 5 years ago
- Compromising the macOS Kernel through Safari by Chaining Six Vulnerabilities☆413Mar 19, 2021Updated 4 years ago
- Binary code-coverage fuzzer for macOS, based on libFuzzer and LLVM☆180May 19, 2025Updated 9 months ago
- IDA AArch64 processor extender extension: Adding support for ARMv8.5 memory tagging extension opcodes☆26Jul 6, 2020Updated 5 years ago
- PCIDriverKit proof-of-concept for CVE-2022-26763☆37Jul 2, 2022Updated 3 years ago
- SnatchBox (CVE-2020-27935) is a sandbox escape vulnerability and exploit affecting macOS up to version 10.15.x☆32Dec 18, 2020Updated 5 years ago
- MacOS kernel memory leak (4 bytes)☆30Apr 14, 2020Updated 5 years ago
- symbol dumps of iOS shared caches☆34Oct 15, 2022Updated 3 years ago
- PoC☆212Jan 13, 2025Updated last year
- ☆17May 19, 2022Updated 3 years ago
- macOS Kernel Exploit for CVE-2019-8781.☆294Oct 15, 2019Updated 6 years ago
- PoC for the iOS 11.4.1 and MacOS 10.13 kernel vulnerability in lio_listio☆78Oct 31, 2018Updated 7 years ago
- iOS <13.5 sandbox escape/entitlement 0day☆339Jan 5, 2026Updated 2 months ago
- CVE-2020-27950 exploit☆34Dec 1, 2020Updated 5 years ago
- An IDAPython module for enhancing c++ support on top of ida_kernelcache☆140May 15, 2025Updated 9 months ago
- Slides from my conference presentations.☆80Aug 5, 2020Updated 5 years ago
- iOS system call/Mach trap interception for checkra1n'able devices☆159Aug 10, 2021Updated 4 years ago
- A set of tools for fuzzing SecureROM. Managed to find and trigger checkm8.☆164Sep 18, 2021Updated 4 years ago
- ☆125Aug 3, 2024Updated last year
- an iOS kernel function hooking framework for checkra1n'able devices☆582Oct 6, 2021Updated 4 years ago
- IDA plugin to find code cross references to virtual functions using PAC codes☆147Mar 16, 2022Updated 3 years ago
- A tool for debugging macOS virtual machines☆113Jul 28, 2020Updated 5 years ago
- A collection of Apple-related CTF writeups☆15Jan 17, 2022Updated 4 years ago
- CVE-2018-4280: Mach port replacement vulnerability in launchd on iOS 11.2.6 leading to sandbox escape, privilege escalation, and codesign…☆258Nov 13, 2018Updated 7 years ago
- An iOS kernel debugger based on a KTRR bypass for A11 iPhones; works with LLDB and IDA Pro.☆60May 20, 2021Updated 4 years ago
- LLDB wrapped and empowered by iPython's features☆155Feb 25, 2026Updated last week
- Another Virtualization.framework demo project, with focus to iBoot (WIP)☆176Dec 2, 2023Updated 2 years ago
- Bidirectional XPC message interception and more. Powered by Frida☆428Nov 9, 2022Updated 3 years ago
- slides for conference talks☆105Jul 27, 2025Updated 7 months ago
- ☆244Sep 21, 2021Updated 4 years ago
- Extreme Vulnerable IOKit driver☆93Jan 23, 2021Updated 5 years ago
- ☆133Dec 25, 2021Updated 4 years ago
- CVE-2018-4280: Mach port replacement vulnerability in launchd on macOS 10.13.5 leading to local privilege escalation and SIP bypass.☆59Oct 28, 2018Updated 7 years ago