about

Roee Hay / @roeehay / LinkedIn / GitHub / RSS

posts

• 2018-01-22 Exploiting Qualcomm EDL Programmers (5): Breaking Nokia 6's Secure Boot
• 2018-01-22 Exploiting Qualcomm EDL Programmers (4): Runtime Debugger
• 2018-01-22 Exploiting Qualcomm EDL Programmers (3): Memory-based Attacks & PBL Extraction
• 2018-01-22 Exploiting Qualcomm EDL Programmers (2): Storage-based Attacks & Rooting
• 2018-01-22 Exploiting Qualcomm EDL Programmers (1): Gaining Access & PBL Internals
• 2017-08-30 Untethered initroot (USENIX WOOT '17)
• 2017-06-13 Nexus 9 vs. Malicious Headphones, Take Two
• 2017-06-07 initroot: Hello Moto
• 2017-05-23 initroot: Bypassing Nexus 6 Secure Boot through Kernel Command-line Injection
• 2017-05-11 OnePlus OTAs: Analysis & Exploitation
• 2017-03-26 Owning OnePlus 3/3T with a Malicious Charger: The Last Piece of the Puzzle
• 2017-03-19 OnePlus 3/3T OxygenOS Unauthorized Boot Mode Changing
• 2017-03-08 Attacking Nexus 9 with Malicious Headphones
• 2017-02-08 Owning a Locked OnePlus 3/3T: Bootloader Vulnerabilities
• 2017-01-11 fastboot oem selinux permissive
• 2017-01-08 BootmodeChecker
• 2017-01-05 fastboot oem {config bootmode, enable-bp-tools/hw-factory}
• 2017-01-04 fastboot oem sha1sum
• 2016-09-01 fastboot oem panic
• 2016-02-27 Android Serialization Vulnerabilities Revisited (RSAC USA '16)
• 2015-08-10 One Class to Rule Them All (WOOT '15)
• 2015-03-11 (CVE-2014-8889) Remotely Exploitable Vulnerability in the Dropbox SDK for Android
• 2014-12-04 SpoofedMe
• 2014-10-31 Attacking the Linux PRNG On Android (WOOT '14 / BlackHat EU '14)
• 2014-08-07 (CVE-2014-3500/1/2) Remote Exploitation of Apache Cordova
• 2014-06-24 Android KeyStore Buffer Overflow (CVE-2014-3100)
• 2014-05-07 About the impact of the BIND SRTT Vulnerability
• 2014-03-27 Firefox for Android Vulnerabilities: Overtaking Firefox Profiles
• 2013-12-10 Android Fragment Injection
• 2013-08-13 Subverting BIND’s SRTT Algorithm (WOOT '13)
• 2012-07-24 Android DNS Poisoning: Randomness gone bad (CVE-2012-2808)
• 2012-07-21 Attacks on the IS-IS routing protocol
• 2012-05-03 Android SQLite Journal Information Disclosure (CVE-2011-3901)
• 2012-03-09 DNS poisoning via Port Exhaustion #3 on Top Ten Web Hacking Techniques of 2011!
• 2011-10-18 DNS poisoning via Port Exhaustion
• 2011-08-04 Android Browser Cross-Application Scripting (CVE-2011-2357)
• 2010-11-10 Babylon Cross-Application Scripting Code Execution
• 2009-08-03 Exploitation of CVE-2009-1869
• 2009-08-02 Advisory: Adobe Flash Player and AIR AVM2 intf_count Integer Overflow
• 2009-07-30 Adobe Flash Player Integer Overflow Remote Code Execution
• 2009-06-02 Apple QuickTime Image Description Atom Sign Extension Memory Corruption
• 2009-02-25 Adobe Flash Player Update
• 2008-10-08 Graphviz Buffer Overflow Code Execution
• 2007-11-10 Untrusted Gateways - Open wireless networks