Overview
Syllabus
Intro
iOS Security Overview
What is jailbreak?
Jailbreak types
Initial attack vector strategies
Making a jailbreak if you have bugs
Making a jailbreak if you don't have bugs
Arbitrary code execution strategies
Escalating privileges strategies
Bypassing KASLR strategies
Bypassing DEP strategies
Seeking patches in the kernel
Kernel patches in detail
Escalate privileges patch detailed
Kernel task patch detailed
Apple Mobile File Integrity (AMFI)
AMFI policy patch detailed
Sandbox patch detailed
Sandbox policies
_mapForIO lock patch detailed
Bypassing KPP strategies
How does KPP work?
Original translation table
Create fake Level 3 table
BBQit Framework
Achieving persistence strategies
Achieving persistence example
Achieving persistence details
Cydia
iOS 10 security enhancements
KPP hardware mitigations
Future of jailbreaks
Black Hat Sound Bytes
Taught by
Black Hat