In 2003 he was the first to boot Linux directly from the hard disk of an unmodified XBOX through a buffer overflow in the XBOX font loader. However in his early days he released lots of advisories about vulnerabilities in software like CVS, Samba, OpenBSD or Internet Explorer. Since he became a PHP core developer in 2002 he devoted a lot of time to PHP and PHP application vulnerability research. Stefan Esser is best known in the security community as the PHP security guy.
Additional Software will be made available during the training MacOS, with latest XCode and iOS 14.x SDK (or newer) Hexrays for ARM64 helpful, but not required IDA Pro 7.x license (ARM64 support required) A second Apple Mac Computer for Streaming the Course and as Host for Kernel Panic Dumps Apple Mac M1 based computer for Hands On Kernel Exploitation Overview over different vulnerability types commonly found in MacOS kernel and exploit strategies Analysis of public exploits and discussion how to improve them
Walkthrough of MacOS kernel memory corruption vulnerabilities # MacOS Kernel Vulnerabilities and their Exploitation Discussion of various weaknesses in these protections Including newest mitigations already known in latest kernels Includes software and hardware based mitigations like (KTRR, PAC, PAN) Discussion of MacOS Kernel Exploit Mitigations that we encounter Discuss weaknesses in current heap implementation Different techniques to control the kernel heap layout (including non-public ones) In-Depth Explanation of How the Kernel Heap works (up to date for MacOS Monterey) Damn Vulnerable M1 MacOS Kernel Extension How to load own kernel modules into Apple M1 kernels How to set up your M1 Mac for Kernel Exploitation The course will require trainees to have access to a Apple M1 Mac based computer in addition to the computer they use to stream the virtual training material and use as kernel debugging host. This means instead of first introducing the trainee to things like the MacOS kernel heap or to list all the different kernel security features we will first get into the exploitation of multiple vulnerabilities and then learn about the required background information when exploitation requires it. This training follows a hands on approach. We concentrate on MacOS instead of iOS because these devices make teaching and learning about cutting edge kernel exploitation against newest kernel mitigations a lot more accessible than it can be done with off the shelf iOS devices. This newly created course will introduce you to state of the art kernel exploitation of these security features on the latest Apple M1 based Macs. With the release of MacOS Monterey Apple has once again raised the bars in terms of kernel level security.
0 kommentar(er)
