How a double-free bug in WhatsApp turns to RCE
1988 - project-zero - Project Zero - Monorail
120342 – Assertion "SolarMutex not owned!" fails when resizing image
179392 – We should PROT_NONE the Gigacage runway so OOB accesses crash
https://clustrmaps.com/person/Freund-aqfqef
QGOMS | Conference Companion on Human Factors in Computing Systems
GOMS - Wikipedia
Page Blanche
Release mode crashes when looping through text files (but not debug)
diotro/maestro
googleprojectzero/iOS-messaging-tools
gravitational/gravity
LinusHenze/WebKit-RegEx-Exploit
Did the “Man With No Name” Feel Insecure?
More Mac OS X and iPhone sandbox escapes and kernel bugs
pwn4fun Spring 2014 - Safari - Part II
Finding and exploiting ntpd vulnerabilities
A Token’s Tale
Exploiting the DRAM rowhammer bug to gain kernel privileges
A Tale of Two Exploits
In-Console-Able
Dude, where’s my heap?
Hack The Galaxy: Hunting Bugs in the Samsung Galaxy S6 Edge
Down the Rabbit-Hole...
Implant Teardown
SockPuppet: A Walkthrough of a Kernel Exploit for iOS 12.4
Remote iPhone Exploitation Part 1: Poking Memory via iMessage and CVE-2019-8641
Remote iPhone Exploitation Part 2: Bringing Light into the Darkness -- a Remote ASLR Bypass
Remote iPhone Exploitation Part 3: From Memory Corruption to JavaScript and Back -- Gaining Code Execution
Fuzzing ImageIO