Mikko Kenttälä

Apr 25

Alias file to rule them all — One click code execution with alias file in macOS

Summary (TL;DR) Late in 2020, I found a vulnerability chain in macOS where an attacker can use macOS Alias files to cause network mounts to be made on an arbitrary directory, which will lead to arbitrary code execution (ACE) with user privileges with one click. This combined with TCC (privacy/access database) evasion…

Cybersecurity

6 min read


Published in SensorFu · Aug 3, 2021

Escaping from a truly air gapped network via Apple AWDL

In the following post I go through how to escape from a truly air gapped network using the Apple Wireless Direct Link network and leveraging an information leakage privacy issue in Apple devices. The issue was fixed by Apple on 24th of April 2021 with iOS 14.5, iPadOS 14.5, watchOS 7.4 …

Infosec

6 min read


Apr 1, 2021

Zero click vulnerability in Apple’s macOS Mail

Zero-Click Zip TL;DR I found a zero click vulnerability in Apple Mail, which allowed me to add or modify any arbitrary file inside Mail’s sandbox environment. This could lead to many bad things, including unauthorized disclosure of sensitive information to a third party. An attacker can modify a victim’s Mail configuration, including mail redirects…

Information Security

4 min read


Published in SensorFu · Dec 14, 2020

Test for network leaks, discover a product flaw and get vendor to fix

Plot twist: this time it is not about us doing vulnerability research and reporting. This is a story about our customer in action, told to us by their CISO with a promise to share it anonymously. When there is a failure in network isolation — a leak — it gets…

Cybersecurity

4 min read


Published in SensorFu · Oct 7, 2019

How my application ran away and called home from Redmond

I recently found a surprising leak vector in Windows 10 installations. We were porting our Beacon Application to Windows, and for easy deployment the plan was to create just one .exe including everything. However, we found out that End Point Protection (EPP) solutions didn’t like that at all and we…

Information Security

3 min read


Published in SensorFu · Feb 20, 2019

SensorFu Beacon How To: 3 steps to always know if your isolated Linux leaks

When you need to build isolated and strictly restricted Linux environments for special purposes you want to know it truly is and stays isolated. Typically isolation is done with strict firewall rules, VLAN segregation or even with air gaps. But the common question remains. …

Docker

2 min read


Published in SensorFu · Mar 2, 2018

Why Ethernet Broadcast Escape Tests Matter

We recently implemented a network escape to SensorFu Beacon that uses Ethernet broadcasts. Why? First of all, you can test all the hosts in the LAN (Local Area Network) with one packet. Second, with broadcast frames, all the devices in the LAN think the frame is for them. Once we…

Networking

3 min read
