BLOG

Vs com.apple.security.sandbox (CanSecWest 2019)

On March 20th 2019 I presented at the 2019 CanSecWest conference a talk on reverse engineering the Apple iOS sandbox kernel extension entitled Vs com.apple.security.sandbox. I really enjoyed the conference, traveling to Vancouver, and meeting a lot of people interested in my research.

Straight outta VMware (Microsoft BlueHat v18, Black Hat Europe 2018)

This post provides a short summary of my conference presentations at Microsoft's BlueHat v18 (Redmond, USA) and at Black Hat Europe 2018 (London, UK) on VMware workstation exploitation,

Program Instrumentation with and without Source Code (FOSSCOMM 2018)

CENSUS was one of the sponsors of FOSSCOMM 2018, the annual free and open source communities conference, that took place this year in Heraklion, Crete. CENSUS participated in the conference with a two part presentation on Program Instrumentation.

Windows 10 RS2/RS3 GDI data-only exploitation tales (OffensiveCon 2018)

Hello, I'm Nikos Sampanis, a security researcher working at CENSUS. On February 16th, 2018 I presented at OffensiveCon a talk with the title "Windows 10 RS2/RS3 GDI data-only exploitation tales". The presentation focused on a mitigation introduced in the Win32k component of Microsoft Windows to prevent the exploitation of memory corruptions in the session heap (due to GDI object abuse).