A CLI for extracting libraries from Apple's dyld shared cache file
Kernel Address Space Layout Derandomization (KASLD) - A collection of various techniques to infer the Linux kernel base virtual address as an unprivileged local user, for the purpose of bypassing K…
virtual debug pod for RP2040 "Raspberry Pi Pico" with no added hardware
The first analysis framework for CPU microcode
Embedded Scalable Platforms: Heterogeneous SoC architecture and IP integration made easy
A guide for emulating macOS arm64e on an x86-based host.
Kernel extension that enables TSO for Apple silicon processes
This repo has been migrated to https://github.com/github/security-lab/tree/master/SecurityExploits
Simple EFI runtime driver that hooks GetVariable function and returns data expected by Windows to make it think that it's running with secure boot enabled (faking secure boot)
This repository contains several tools to perform Cache Template Attacks
Source code of the paper "Lord of the Ring(s): Side Channel Attacks on the CPU On-Chip Ring Interconnect Are Practical"
tools for setting and accessing advanced low-level CPU features
Official Intel SOCFPGA U-Boot repository. Note: (1) A "RC" labeled branch is for internal active development use and customer early access without official customer support. (2) Latest stable branc…
The monospaced bitmap font from IBM's 1985 'ASCII Display Station' (terminal), the IBM 3161. Includes versions for a multitude of devices and platforms. (Also on gitlab: https://gitlab.com/wyatt874…
Local privilege escalation through macOS 10.12.1 via CVE-2016-1825 or CVE-2016-7617.
A tool to parse Apple's binary device tree format.