Garrett

@[email protected]
72 Followers
181 Following
126 Posts
Security & Privacy. Opinions are my own.
GarrettSep 10, 2025
Show threadAllison HusainSep 9, 2025

/2 The trick behind this mitigation is to use the compiler to clamp all pointer offset operations in kernel code to a magnitude of less than 4GB. If you feel like grep-ing, the specific codegen for this clamp operation currently uses a special 0x2BAD poisoning pattern in the top 16 bits when the magnitude exceeds 4GB.

With some VA layout tricks to inject large 4GB unmapped gutters between major kernel VA regions, this has some delightful consequences.

GarrettFeb 10, 2024

I haven't ever played with frontend frameworks. Chapter 4 of the Next.js intro (layouts) got me to "whoah this is cool", and chapter 5 (navigation) has reached "witchcraft!"

Navigation without a full page refresh, including pre-fetching for fast nav. With almost no dev effort 🤯

GarrettJan 13, 2024
Maxton (Sean)Jan 13, 2024

Love this online recipe hack!
...

If you add “cooked.wiki/“ to beginning of ANY recipe url (before the https:/) it strips away everything but the recipe and organizes the ingredients and method into separate columns.

Also adds a dictation option too!

#cooking #recipe

GarrettJan 13, 2024

I'm... struggling to attach a debugger to a binary. #help

#macOS 14 on Apple Silicon, trying to debug an x86_64 binary. LLDB says status -1 (lost connection).

`DevToolsSecurity -status` says "Developer mode is currently enabled".

And Xcode's Debug Executable produces "The specified run destination name was not found".

GarrettOct 9, 2023
Is anyone playing with using m1n1 -> U-Boot -> SeaBIOS to boot #Windows 11 directly on #AppleSilicon? Or is there a path through Grub that could work?
GarrettOct 8, 2023
I recall seeing a solid infographic of the various #InfoSec related #career paths on the other network, but I've lost it. Does anyone have an overview (graphic or writeup) they recommend?
GarrettOct 4, 2023

I am super excited about Consumer Reports’ new app to easily opt out of data collection in the US.

https://apps.apple.com/us/app/permission-slip-by-cr/id1591285074

‎Permission Slip by CR

‎Permission Slip helps you control the data companies have about you. It’s no secret that companies are collecting, buying and selling data about us. Swipe through companies and start taking action. We’ll show you what data companies collect so you can set boundaries and regain control over your pers…

App Store
GarrettSep 25, 2023

Does someone understand the #0day fixed in iOS 17.0.1, or do we need to wait for #Google to publish a writeup? Google says it's a "PAC issue"[1], but the #Apple article says "A certificate validation issue was addressed".

A PAC bypass can't be certificate related, unless I'm really missing something.

[1] https://blog.google/threat-analysis-group/0-days-exploited-by-commercial-surveillance-vendor-in-egypt/
[2] https://support.apple.com/en-us/HT213926

0-days exploited by commercial surveillance vendor in Egypt

Google
GarrettJul 25, 2023
Peter KaminskiJul 25, 2023

I just donated $ to Internet Archive, it's that time of year.

Will you? https://archive.org/donate

They're good folks doing good work. I use the web Wayback Machine https://web.archive.org/ & scanned books library https://archive.org/details/inlibrary & more.

I super appreciate that they exist!

Internet Archive: Digital Library of Free & Borrowable Texts, Movies, Music & Wayback Machine

GarrettJul 6, 2023

Does this mean @defcon is cancelled? ;)

(Yes, it looks like a DDG bug)