The DYLD_PRINT_TO_FILE environment variable can be used for local privilege escalation in OS X Yosemite.
SektionEins organises an OS X and iOS Kernel Internals for Security Researcher Training in Frankfurt in October 2015.
SektionEins organizes a 3-day training about secure iOS application development between 21st - 23rd October 2015.
The mach_port_kobject() API function in iOS 8.1.2 and OS X 10.10 can be used to defeat the kernel address obfuscation mitigation.
The iPhone jailbreak Pangu for iOS 7.1-8.1 installs unlicensed code on millions of iDevices.
A vulnerability in WebEdition CMS's captcha implementation allows remote code execution.
Vulnerabilities in PHP's unserialization code for various SPL object types potentially allow remote code execution.
SektionEins organises a third iOS Kernel Exploitation Training in Frankfurt in November 2014.
A vulnerability in PHP's phpinfo() function allows PHP scripts to read arbitrary strings from memory.
iOS 7.1.1 was jailbroken with techniques taught in our iOS 7 Kernel Exploitation Trainings.
A brain dump of security-related to-do items when deploying an application such as VoIP server software.
SektionEins released a quick and dirty experimental fix for this vulnerability.