Class Central Classrooms beta
YouTube videos curated by Class Central.
Classroom Contents
Exploiting Userland Vulnerabilities to Get Rogue App Installed Remotely on iOS 11
- 1 Intro
- 2 Agenda
- 3 Typical exploit chain (mobile Pwn2Own) 1/2
- 4 Why not a kernel bug to escape the sandbox?
- 5 iOS sandbox overview
- 6 Our strategy on sandbox bypass
- 7 General approach to exploit double free
- 8 Problem 1: fill in object B
- 9 Problem 2: stable race to fill
- 10 CF object fill into vm_allocate
- 11 The strategy doesn't work
- 12 Android Comparison
- 13 Pegasus APT
- 14 Initial Step: Setting up the required files
- 15 Final step, showing the app
- 16 Examining the roadblocks
- 17 iOS 12 sandbox hardening