Showing Posts About

James loureiro

The Mate Escape - Huawei Pwn2Owning

A presentation at Hacktivity 2018 explored vulnerability discovery techniques targeting the Huawei Mate 9 Pro by focusing on logic bugs in Android platforms. The talk highlighted the expanding attack surface of logic vulnerabilities as memory corruption exploitation becomes increasingly challenging. Techniques for rapidly identifying potential remote compromise vulnerabilities across mobile handsets were discussed.

Huawei Mate 9 Pro Mobile Pwn2Own 2017

A whitepaper details vulnerabilities discovered in the Huawei Mate 9 Pro during Mobile Pwn2Own 2017. The document focuses on security issues found in the Huawei Reader and HIApp applications. Technical details of the vulnerabilities and exploitation methods are presented in the document.

Biting the Apple that feeds you - macOS Kernel Fuzzing

An automated kernel fuzzing framework was developed for the macOS XNU kernel using an in-memory fuzzer with static and dynamic analysis techniques. The framework targeted core subsystems to identify critical vulnerabilities in macOS. The approach aimed to address the limited existing automated kernel fuzzing solutions for the Apple platform.

Platform Agnostic Kernel Fuzzing

Platform agnostic kernel fuzzing research developed a method for systematically testing system and library calls across Windows and POSIX kernels. The approach focused on effectively logging crashes, reproducing vulnerabilities, and scaling fuzzing across multiple virtual machines. The research provided a framework for identifying kernel-level bugs through comprehensive and methodical testing.

Why Bother Assessing Popular Software?

A presentation at BSides London 2015 examined software security vulnerabilities through a case study of Adobe Reader. The analysis focused on investigating the attack surface of the software by examining its JavaScript API, PDF Rendering Engine, and Sandbox. High-risk security vulnerabilities were identified during the detailed technical assessment.