- Feed Preview Project Zero
The Windows Registry Adventure #4: Hives and the registry layout
Posted by Mateusz Jurczyk, Google Project Zero To a normal user or even a Win32 application developer, the registry layout may seem simple: there are five root keys that we know from Regedit (a...
https://googleprojectzero.blogspot.com/2024/10/the-windows-registry-adventure-4-hives.html
The Windows Registry Adventure #3: Learning resources
Posted by Mateusz Jurczyk, Google Project Zero When tackling a new vulnerability research target, especially a closed-source one, I prioritize gathering as much information about it as possible...
https://googleprojectzero.blogspot.com/2024/06/the-windows-registry-adventure-3.html
Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models
Posted by Sergei Glazunov and Mark Brand, Google Project Zero Introduction At Project Zero, we constantly seek to expand the scope and effectiveness of our vulnerability research. Though much o...
https://googleprojectzero.blogspot.com/2024/06/project-naptime.html
Driving forward in Android drivers
Posted by Seth Jenkins, Google Project Zero INTRODUCTION Android's open-source ecosystem has led to an incredible diversity of manufacturers and vendors developing software that runs on a broa...
https://googleprojectzero.blogspot.com/2024/06/driving-forward-in-android-drivers.html
The Windows Registry Adventure #2: A brief history of the feature
Posted by Mateusz Jurczyk, Google Project Zero Before diving into the low-level security aspects of the registry, it is important to understand its role in the operating system and a bit of his...
https://googleprojectzero.blogspot.com/2024/04/the-windows-registry-adventure-2.html
The Windows Registry Adventure #1: Introduction and research results
Posted by Mateusz Jurczyk, Google Project Zero In the 20-month period between May 2022 and December 2023, I thoroughly audited the Windows Registry in search of local privilege escalation bugs....
https://googleprojectzero.blogspot.com/2024/04/the-windows-registry-adventure-1.html
First handset with MTE on the market
By Mark Brand, Google Project Zero INTRODUCTION It's finally time for me to fulfill a long-standing promise. Since I first heard about ARM's Memory Tagging Extensions, I've said (to far too m...
https://googleprojectzero.blogspot.com/2023/11/first-handset-with-mte-on-market.html
An analysis of an in-the-wild iOS Safari WebContent to GPU Process exploit
BY IAN BEER A graph representation of the sandbox escape NSExpression payload In April this year Google's Threat Analysis Group, in collaboration with Amnesty International, discovered an ...
Analyzing a Modern In-the-wild Android Exploit
By Seth Jenkins, Project Zero INTRODUCTION In December 2022, Google’s Threat Analysis Group (TAG) discovered an in-the-wild exploit chain targeting Samsung Android devices. TAG’s blog post...
https://googleprojectzero.blogspot.com/2023/09/analyzing-modern-in-wild-android-exploit.html
MTE As Implemented, Part 1: Implementation Testing
By Mark Brand, Project Zero BACKGROUND In 2018, in the v8.5a version of the ARM architecture, ARM proposed a hardware implementation of tagged memory, referred to as MTE (Memory Tagging Exte...
https://googleprojectzero.blogspot.com/2023/08/mte-as-implemented-part-1.html
Exploiting null-dereferences in the Linux kernel
Posted by Seth Jenkins, Project Zero For a fair amount of time, null-deref bugs were a highly exploitable kernel bug class. Back when the kernel was able to access userland memory without restr...
https://googleprojectzero.blogspot.com/2023/01/exploiting-null-dereferences-in-linux.html
DER Entitlements: The (Brief) Return of the Psychic Paper
Posted by Ivan Fratric, Project Zero Note: The vulnerability discussed here, CVE-2022-42855, was fixed in iOS 15.7.2 and macOS Monterey 12.6.2. While the vulnerability did not appear to be expl...
https://googleprojectzero.blogspot.com/2023/01/der-entitlements-brief-return-of.html
Exploiting CVE-2022-42703 - Bringing back the stack attack
Seth Jenkins, Project Zero This blog post details an exploit for CVE-2022-42703 (P0 issue 2351 - Fixed 5 September 2022), a bug Jann Horn found in the Linux kernel's memory management (MM) su...
Mind the Gap
By Ian Beer, Project Zero Note: The vulnerabilities discussed in this blog post (CVE-2022-33917) are fixed by the upstream vendor, but at the time of publication, these fixes have not yet made ...
https://googleprojectzero.blogspot.com/2022/11/mind-the-gap.html
A Very Powerful Clipboard: Analysis of a Samsung in-the-wild exploit chain
Posted by Maddie Stone, Project Zero Note: The three vulnerabilities discussed in this blog were all fixed in Samsung’s March 2021 release. They were fixed as CVE-2021-25337, CVE-2021-25369, ...
RC4 Is Still Considered Harmful
By James Forshaw, Project Zero I've been spending a lot of time researching Windows authentication implementations, specifically Kerberos. In June 2022 I found an interesting issue number 2310 ...
https://googleprojectzero.blogspot.com/2022/10/rc4-is-still-considered-harmful.html
The quantum state of Linux kernel garbage collection CVE-2021-0920 (Part I)
A deep dive into an in-the-wild Android exploit Guest Post by Xingyu Jin, Android Security Research This is part one of a two-part guest blog post, where first we'll look at the root cause of...
https://googleprojectzero.blogspot.com/2022/08/the-quantum-state-of-linux-kernel.html