Exploits
-
CVE-2024-27829
- Not an exploit, but a colleague and I have received acknowledgement from Apple for a reported memory-corruption bug we discovered -
-
CVE-2023-5345
- Created a PoC from scratch and developed new primitives as well as ported older ones to recent kernel versions; no details in public -
-
CVE-2023-20963 (Android Framework WorkSource)
- LPE exploit for an EvilParcel-like vulnerability in the Android Framework that was used in the infamous PinDuoDuo app -
-
CVE-2019-2215 (Bad Binder)
- Just my own implementation of a widely known Android LPE; contact me if interested in details -
-
CVE-2021-29627
- Trigger and spray primitive for CVE-2021-29627 -
-
CVE-2021-1782
- An implementation of CVE-2021-1782 for macOS and iOS; stopped at one point -
-
Chain3
- An implementation of an iOS 11 exploit discovered by P0; write-up link in Blog -
-
CVE-2019-5603 / FreeBSD-SA-19:15.mqueuefs
- A FreeBSD privilege escalation 0-day discovered by me; with a novel technique to exploit this bug class on FreeBSD; write-up link in Blog -
-
CVE-2019-5596 / FreeBSD-SA-19:02.fd
- A FreeBSD privilege escalation n-day discovered by Peter Holm; with a novel technique to exploit this bug class on FreeBSD; write-up link in Blog -
-
LimeSurvey
- Undisclosed n-day RCE; contact me if interested in details -
-
Undisclosed
- Generally, a lot of my work is currently under NDA and may only be published on the blogs of my current or past employers :) -
Misc
-
KeePassC
- A Pythonic password manager, compatible with KeePass -
You may find some other, probably uninteresting code on my GitHub page linked in the footer.