CVE-2018-4280: Mach port replacement vulnerability in launchd on macOS 10.13.5 leading to local privilege escalation and SIP bypass.
☆59Oct 28, 2018Updated 7 years ago
Alternatives and similar repositories for launchd-portrep
Users that are interested in launchd-portrep are comparing it to the libraries listed below
Sorting:
- Chaos iOS < 12.1.2 PoC by @S0rryMyBad since he posted it as a photo rather than a source code. Also cleaned up.☆64Mar 23, 2023Updated 2 years ago
- App sandbox escapes for macOS☆31May 20, 2020Updated 5 years ago
- CVE-2018-4280: Mach port replacement vulnerability in launchd on iOS 11.2.6 leading to sandbox escape, privilege escalation, and codesign…☆259Nov 13, 2018Updated 7 years ago
- ☆32Apr 22, 2019Updated 6 years ago
- macOS kext for host_special_port(4) patch☆90Nov 13, 2023Updated 2 years ago
- Providing a great interface to the iOS kernel, hardware, threads and processes in a great research environment. (WIP)☆30Aug 6, 2019Updated 6 years ago
- Slides from my conference presentations.☆80Aug 5, 2020Updated 5 years ago
- powerd exploit : Sandbox escape to root for Apple iOS < 12.2 on A11 devices☆110Mar 28, 2019Updated 6 years ago
- CVE-2018-4248: Out-of-bounds read in libxpc during string serialization.☆54Jul 10, 2018Updated 7 years ago
- PoC☆212Jan 13, 2025Updated last year
- A library to execute code in the context of other processes on iOS 11.��☆82Jul 25, 2018Updated 7 years ago
- ☆105Dec 9, 2019Updated 6 years ago
- Accessing physical memory on iOS.☆52Sep 21, 2020Updated 5 years ago
- CVE-2017-13868: Information leak of uninitialized kernel heap data in XNU.☆27Dec 7, 2017Updated 8 years ago
- PoC for the iOS 11.4.1 and MacOS 10.13 kernel vulnerability in lio_listio☆78Oct 31, 2018Updated 7 years ago
- SnatchBox (CVE-2020-27935) is a sandbox escape vulnerability and exploit affecting macOS up to version 10.15.x☆32Dec 18, 2020Updated 5 years ago
- Lockdown related research, tools and POCs.☆90May 18, 2019Updated 6 years ago
- just a kernelgrabber, for those who can't reach out of sandbox☆18Feb 24, 2024Updated 2 years ago
- Segment-accurate iBoot/SecureROM loader for Binary Ninja & IDA Pro☆48Mar 7, 2026Updated 2 weeks ago
- iOS ARM64 kernel patchfinder☆78Aug 23, 2019Updated 6 years ago
- ☆16Jul 30, 2020Updated 5 years ago
- iOS 10.0-12.2 tfp0☆132Sep 3, 2019Updated 6 years ago
- xnu kernel heap info leak☆71Nov 21, 2019Updated 6 years ago
- on Mac 10.12.2☆20Aug 3, 2018Updated 7 years ago
- Local privilege escalation through macOS 10.12.1 via CVE-2016-1825 or CVE-2016-7617.☆66Jan 16, 2017Updated 9 years ago
- Radare2 plugin to parse modern iOS 64-bit kernel caches☆29Mar 10, 2019Updated 7 years ago
- Experiment to attempt to build Apple's dyld tools.☆64May 29, 2020Updated 5 years ago
- macOS 10.13.3 (17D47) Safari Wasm Exploit☆119Apr 19, 2018Updated 7 years ago
- ios kernel class tree☆23May 30, 2019Updated 6 years ago
- POC for CVE-2018-4327☆42Sep 13, 2018Updated 7 years ago
- An IDA Toolkit for analyzing iOS kernelcaches.☆301Jul 24, 2020Updated 5 years ago
- iOS KEXT loader 7.x-9.x☆96Aug 13, 2017Updated 8 years ago
- OS X 10.11.6 LPE PoC for CVE-2016-4655 / CVE-2016-4656☆101Oct 4, 2016Updated 9 years ago
- iOS Kernel Decompressor☆89May 12, 2020Updated 5 years ago
- Exploit for CVE-2018-4233, a WebKit JIT optimization bug used during Pwn2Own 2018☆180Feb 7, 2024Updated 2 years ago
- An IDA (Interactive Disassembler) script that can save a chunk of binary from an address.☆11Apr 10, 2019Updated 6 years ago
- some research results of sep☆20Apr 9, 2021Updated 4 years ago
- exploit for CVE-2018-4193☆69Feb 13, 2019Updated 7 years ago
- Demo: Anti Anti-Debug in iOS Kernel☆74Nov 29, 2017Updated 8 years ago