Blackwing Intelligence

Playing with Libmalloc in 2024

TL;DR

In this post, I introduce a new tool called heapster that allows you to play with macOS libmalloc. I walk you through how to use this tool and a couple strange things I found along the way.

... Read More

categories: #Blackwing Labs #research
tags: #vulnerability research #reverse engineering #tools #heap

A Touch of Pwn - Part I

TL;DR

Microsoft’s Offensive Research and Security Engineering (MORSE) asked us to evaluate the security of the top three fingerprint sensors embedded in laptops and used for Windows Hello fingerprint authentication. Our research revealed multiple vulnerabilities that our team successfully exploited, allowing us to completely bypass Windows Hello authentication on all three laptops.

... Read More

categories: #Blackwing Labs #research
tags: #vulnerability research #exploit development #reverse engineering #cryptography

Dissecting CVE-2013-1899

So, last week the Postgresql group released an update to its popular open-source RDBMS to address a security issue – pretty standard… This particular update though was pretty highly anticipated, primarily because a week prior to its release the Postgres devs posted a rather ominous message to the pgsql-hackers mailing list (http://www.postgresql.org/message-id/[email protected]) stating that the upcoming release would contain fixes for a security issue that was “sufficiently bad” enough to warrant temporarily closing down access to the public git repository until updated packages were available. ... Read More

categories: #Blackwing Labs
tags: #RCE #Exploits #Postgresql