Joined August 2011
Pinned Tweet
The slides for my Black Hat talk "XMPP Stanza Smuggling or How I Hacked Zoom" are now available at blackhat.com/us-22/briefings…

Ivan Fratric 💙💛 retweeted
My and @natashenka 's talk from OffensiveCon is now available on YouTube! Watch for a tour of a zero-click to root exploit chain across multiple generations of Google Pixel! youtube.com/watch?v=jpB_b6KG…
Ivan Fratric 💙💛 retweeted
Offensivecon's talks are now available on our YouTube channel! 🔗 buff.ly/g63xgm5
In my OffensiveCon talk on Site Isolation yesterday, a question was asked that I didn't quite get at the moment so my answer was probably irrelevant. My apologies, especially since the question, as I understand it now, totally makes sense. Answering it here:
For that to happen, the request needs to be made with the user's (victim's) cookies. This is also the reason why disabling 3rd party cookies mitigates the attack.
I imagine the question was asked in reference to my 2nd demo, which admittedly wasn't very good in the sense that it showed a (partial) redirect url leak, but the url in that demo wasn't user specific.
Turns out adapting our 0click chain to work on Pixel 10 wasn't that hard... at least if you're into Android drivers as much as @__sethJenkins.
.@__sethJenkins updated our 0-click exploit chain to work on a Pixel 10 with an eye-popping driver bug! We’ll be presenting this work Saturday @offensive_con projectzero.google/2026/05/p…
CVE-2026-28920 (Apple, zlib, found by Brendon Tiszka of Google Project Zero) sure looks fun :)
Ivan Fratric 💙💛 retweeted
The fuzzer that found project-zero.issues.chromium… (and a number of issues prior to that as well) is now open-source: crrev.com/c/7580844 It uses pkeys, trap-handling and single-stepping to intercept and mutate in-sandbox reads (see trap-fuzzer.h). Definitely had fun writing it!

Ivan Fratric 💙💛 retweeted
Just derestricted a now-fixed kernel bug in Pixel 10. I think this ranks as the most easily exploited kernel bug of all time 😬 Thanks to @tehjh for collab'ing on this driver and full credits for noticing this bug in the first 5 minutes of auditing 😂 project-zero.issues.chromium…

I wrote a short blogpost on the quirks of grammar fuzzing (and, more generally, structure-aware fuzzing) and a simple trick I used to get more bugs out of it more quickly. projectzero.google/2026/03/m…
Jackalope and Tinyinst have been working on arm64 macs for a while, but now you should also be able to run against arm64e binaries (i.e. binaries that ship with the os) with some modification to the system. For details, see github.com/googleprojectzero…
Ivan Fratric 💙💛 retweeted
In the final part of his blog series, @tiraniddo tells the story of how a bug was introduced into a Windows API. Code re-writes can improve security, but it’s important not to forget the security properties the code needs to enforce in the process. projectzero.google/2026/02/g…
How a single feature was responsible for 5 Windows Administrator Protection bypasses, in a new Project Zero blog post by @tiraniddo
Part 2 of @tiraniddo’s Windows Administrator Protection journey is here! projectzero.google/2026/02/w…
New Project Zero blogpost by @dillon_franke on exploiting a coreaudiod bug on macOS. Quite a journey with a lot of unexpected roadblocks and how Dillon pulled it off in the end. projectzero.google/2026/01/s…

Windows Administrator Protection is set to replace UAC, but as a supported security boundary. James Forshaw breaks it down in a new Project Zero blogpost. The blogpost features a tricky bypass that leverages multiple subtle Windows kernel quirks.
No security feature is perfect. @tiraniddo reviewed Windows’ new Administrator Protection and found several bypasses. projectzero.google/2026/26/w…
New Project Zero blogpost series describing a 0-click exploit chain targeting Pixel 9, featuring a Dolby decoder bug spotted by yours truly.
Today, Project Zero released a 0-click exploit chain for the Pixel 9. While it targets the Pixel, the 0-click bug and exploit techniques we used apply to most other Android devices. projectzero.google/2026/01/p…