IOSurface exploit

Public API, examples, documentation and issues for Binary Ninja

iOS <=26.0.1 DarkSword Kernel Exploit reimplemented in Objective-C

DarkSword webkit exploit captured ITW

Claude Code skills that turn any codebase into an interactive knowledge graph you can explore, search, and ask questions about (Multi-platform e.g., Codex are supported).

IOGPUFamily bitmap_mask underflow → kernel heap OOB write. First public PoC. Original discovery by Wang Yu of Cyberserval.

🧠 Web Neural Network API

Slides from Off-By-One Conferences

A collection of proof-of-concept exploit scripts written by the STAR Labs team for various CVEs that they discovered or found by others.

Headers. Not for documents. Not the opposite of footers.

AI-powered reverse engineering assistant that bridges IDA Pro with language models through MCP.

Generate Objective-C headers from Mach-O files.

IDA helper plugin to reverse engineer Objective-C code

deobfuscated JS and blobs from https://b27[.]icu, first attempt at using claude

Custom Agent and Tooling for using Nyx with Firefox

The source of various tools from Jonathan Levin for the brew tap

Bidirectional XPC message interception and more. Powered by Frida

Training neural networks on Apple Neural Engine via reverse-engineered private APIs

Everything we actually know about the Apple Neural Engine (ANE)

CLI Tools For ANE

Collection of my bugs and CVE, with PoC or writeup

Project Zero Docs and Tools

crashmon - A LLDB Based replacement for CrashWrangler

tart, but with custom AVPBooter ROM, serial I/O, DFU mode, GDB debugging (port 8000), SEP debugging (port 8001), and panic halting. See help menus for `tart create` and `tart run` for more info. Re…

Yet another xpc sniffer