Talks and Workshops

2025 Link to heading

Finding Vulnerabilities in Apple Packages at Scale (SecurityFest, MacDevOpsYVR)

Presentation

Video - SecurityFest 2025

Video - MacDevOpsYVR 2025

The Evolution of macOS Security from the Desert to the Lake (MacSysAdmin)

Presentation

Video - MacSysAdmin 2025

Crash One: A Starbucks Story - CVE-2025-24277 /CA: Gergely Kalman/ (Hexacon, Objective By The Sea)

Presentation

Video - Objective By The Sea v8.0

Video - Hexacon 2025

2024 Link to heading

Mac, Where’s My Bootstrap? /CA: Brandon Dalton/ (Objective By The Sea)

Presentation

Video - Objective By The Sea v7.0

Apple Disk-O Party (POC, BlackHat EU, BSidesBud 2025)

Presentation

Video - BlackHat EU 2024

Video - BSidesBudapest 2025

History of macOS DiskArbitration Vulnerabilities (MacSysAdmin, Hacktivity)

Presentation

Video - MacSysAdmin 2024

The Final Chapter: Unlimited ways to bypass your macOS privacy mechanisms /CA: Wojciech Regula/ (BlackHat Asia)

Presentation

Video - BlackHat Asia 2024

2023 Link to heading

Launch and Environment Constraints Deep Dive (MacSysAdmin, Objective By The Sea)

Presentation

Video - Objective By The Sea v6.0

Video - MacSysAdmin 2023

2022 Link to heading

20+ New Ways to Bypass Your macOS Privacy Mechanisms /CA: Wojciech Regula/ (BlackHat EU)

Presentation

Video - BlackHat EU 2022

macOS Vulnerabilities Hiding in Plain Sight (BlackHat Asia, Troopers, Zer0Con)

Presentation

Whitepaper

Video - Troopers 22

Video - BlackHat Asia 2022

The Achilles Heel of Endpoint Security (Objective By The Sea, MacSysAdmin)

Presentation

Video - Objective By The Sea v5.0

Video - MacSysAdmin 2022

Beyond the Good Ol’ LaunchAgents (SecurityFest, MacDevOpsYVR, BSidesBudapest 2023)

Presentation

Video - SecurityFest 2022

Video - MacDevOpsYVR 2022

Video - BSidesBudapest 2023

2021 Link to heading

Mount(ain) of Bugs (Objective By The Sea, Hacktivity)

Presentation

Video - Objective By The Sea v4.0

Video - Hacktivity 2021

Mitigating Exploits using Apple’s Endpoint Security Framework (Virus Bulletin, MacDevOpsYVR, ITBN)

Presentation

Whitepaper

Video - MacDevOpsYVR 2021

20+ Ways to Bypass Your macOS Privacy Mechanisms /CA: Wojciech Regula/ (BlackHat US, DEEP, AtHack)

Presentation

Video - BlackHat US 2021

Exploiting XPC in Antivirus Software /CA: Wojciech Regula/ (NullCon)

Presentation

Video - NullCon 2021

2020 Link to heading

XPC Exploitation on macOS (Hacktivity)

Presentation

Video - Hacktivity 2020

Exploiting Directory Permissions on macOS (HackInTheBox, BSidesBudapest)

Presentation

Video - HTB 2020

Video - BSidesBudapest 2020

2019 Link to heading

Getting root with Bening App Store Apps (Troopers, SecurityFest, Objective By The Sea)

Presentation

Video - Troopers 19

Video - Objective By The Sea v2.0

Video - SecurityFest 2019

GateKeeper: Bypass or not Bypass? (Hacktivity)

Presentation

Video - Hacktivity 2019

2018 Link to heading

Driver Signing Enforcement Bypass Workshop (DEF CON 26, hack.lu)

Presentation

Workbook

VM Setup Guide

Exercise Files

2017 Link to heading

How to Convince a Malware to Avoid Us (SecurityFest, Hacktivity)

Presentation

Video - SecurityFest 2017

Video - Hacktivity 2017

IOC Sharing: Why We are Doing it Wrong? (BSidesBudapest)

Presentation

2016 Link to heading

Exploit Generation and Automation with WinDBG /CA: Miklos Desbordes-Korcsev/ (Hacktivity, hack.lu, hek.si)

Presentation

Whitepaper

Video - hack.lu 2016

Video - Hacktivity 2016

Video - Hacktivity 2017

2015 Link to heading

Hello Anti-Disassembly Workshop (Hacktivity)

Workbook

Files

2014 Link to heading

Hello PDF Workshop (Hacktivity)

Workbook