Overview
Explore a detailed DEF CON 31 conference presentation that reveals a novel method for bypassing macOS System Integrity Protection (SIP), a security technology designed to restrict root user capabilities and protect operating system integrity. Learn about the discovery of a technique that enables the creation of persistent malware capable of loading unauthorized kernel extensions, despite SIP's protective measures. Dive into the presenters' methodology, exploitation strategies, and reverse engineering processes used to achieve this bypass. Gain valuable insights into identifying similar SIP vulnerabilities and understand practical detection strategies that security teams can implement to defend against such attacks.
Syllabus
DEF CON 31 - Getting a Migraine - Unique SIP Bypass on MacOS - Or, Pearse, Bohra
Taught by
DEFCONConference