Portfolio
Noteworthy projects of mine:
- Vulnerability Research
- Conference Talks
- OpenCore Legacy Patcher
- FeatureUnlock
- CryptexFixup
- Dortania Documentation
Vulnerability Research
Sample of some security vulnerabilities found in macOS applications commonly deployed in enterprise environments:
Reference ID | Product | Affected Versions | Description |
---|---|---|---|
CVE-2024-27822 | macOS | 14.4.1 and older | Local Privilege Escalation |
CVE-2024-34331 | Parallels Desktop | 19.3.0 and older | Local Privilege Escalation |
CVE-2024-4395 | Jamf Compliance Editor | 1.3.0 and older | Local Privilege Escalation |
CVE-2024-38811 | VMware Fusion | v13.5 and older | Arbitrary Code Execution |
CVE-2024-25545 | Weave Desktop | Unresolved | Arbitrary Code Execution |
Synology-SA-24:05 | Synology Surveillance Station Client | 2.1.3-2474 and older | Arbitrary Code Execution |
CVE-2024-23755 | ClickUp Desktop App | 3.3.76 and older | Arbitrary Code Execution |
CVE-2023-50975 | TD Advanced Dashboard | 3.0.3 and older | Arbitrary Code Execution |
CVE-2023-7245 | OpenVPN | 3.4.7 and older | Arbitrary Code Execution |
CVE-2023-44077 | ShareBrowser XPC Services | 6.1.5.27 and older | Local Privilege Escalation |
Conference Talks
Apple’s (not so) Rapid Security Response
Objective by the Sea v7.0, December 2024
A look into Apple’s Rapid Security Response system, including the precursor, implementation details, challenges and where Apple’s been secretly deploying them to this day.
Electron Security: Making your Mac a worse place?
MacDevOpsYVR 2024, June 2024
Discusses the dangers of misconfigured Electron fuses for TCC bypasses, and unveils Lectricus, a utility for programmatically detecting these vulnerable applications.
Legacy Macs, Modern Solutions
BSides Calgary 2023, November 2023
Deep dive into macOS’ tier 2 citizenship, and how OpenCore Legacy Patcher uses this to restore support for legacy machines, allowing new features and security updates.
OpenCore Legacy Patcher
Project dedicated to keeping old, unsupported Macs out of the landfill and running the latest versions of macOS! The project relies on many components, including OpenCorePkg’s sophisticated injection system, Lilu’s kernel hooking and our own Python-based root volume patcher, to restore hardware support including legacy Metal and OpenGL graphics rendering.
OpenCore Legacy Patcher is maintained by a small group of enthusiasts, and the work is no small task. We’ve reverse engineered many closed source binaries and frameworks, documented many unknown aspects of the operating system and developed patches and utilities to help get these older systems booted.
FeatureUnlock
XNU Kernel Extension dedicated to unlocking OS features for all Macs, relying on Lilu’s Kernel Hooking APIs. Unlocked features include Night Shift, Sidecar, AirPlay to Mac, Universal Control and Continuity Camera for models as old as the 2007 iMac.
CryptexFixup
XNU Kernel Extension dedicated to restoring pre-Haswell OS support to macOS Ventura, relying on Lilu’s Kernel Hooking APIs. The system is based on installing the Apple Silicon Cryptex, and having legacy Macs rely on Rosetta’s x86_64 dyld shared cache.
- Based on original Cryptex Findings: macOS Ventura and the new dyld shared cache system
Dortania Documentation
An organization dedicated to documenting the many aspects of macOS booting on PC hardware. We have consolidated much of the complicated nature of hackintoshing into multiple cohesive guides that many non-technical users can easily follow.
- OpenCore Install Guide
  - Guide dedicated to the process of setting up, booting and installing a Hackintosh.
  - Includes documentation on laptops, desktops, and machines in between.
- OpenCore Post-Install
  - Guide dedicated to the cleanup and miscellaneous fixes of hackintoshes once installed.
Other guides are listed here: