YouTube

Researching New Attack Interfaces on iOS and OSX

Hack In The Box Security Conference via YouTube

Overview

Explore new attack interfaces on iOS and OSX in this Hack In The Box Security Conference talk. Dive into the challenges of reverse engineering Apple's closed-source kernel and driver components, and learn effective techniques for exposing vulnerabilities. Discover a systematic approach to analyzing kernel attack surfaces, including methods for exploring new interfaces, conducting kernel and driver diff analysis, and leveraging dynamic tracing tools. Examine real-world examples of zero-day vulnerabilities found using these techniques, such as integer overflows, out-of-bounds reads, and NULL page references. Gain insights into enhanced kernel fuzzing techniques and the use of KASAN in iOS/OSX kernels. Learn about open-source toolchains for interface exploration and a kernel vulnerability hunting system based on enhanced passive fuzzing.

Syllabus

Intro
Solution Overview
Attack Surfaces
Think about Apple System
New Attack Interfaces Generator
KEXTs Interfaces Analysis Flow
Classes inheritance relationship
Class/Method names refine
Connection Type - User Clients
User Client External Methods - Graceful
User Client External Methods - Ugly
Parse the External Method Dispatch Array
Analyze the ASM Instructions
Custom KEXT Analysis Engine
Generate CFG local information
Analyze key paths based on CFG
Emulate key instructions operation
Emulate register operation
Output User Client or external method information
Kernel Interfaces
Kernel Diff Methodology
Kernel Diff Analysis Practice (1/2)
KEXTs Diff Analysis
Disadvantages of KEXTs static analysis
Comparison of dynamic trace
Frida Hook in User Mode
xpc_connection_send_message API context
xpc_connection_send_message API context (continued)
Hunt more dynamic relations if you like
Dtrace introduction
Dtrace providers list
Dtrace script (e.g. file probe)
Enhanced kernel fuzz
KASAN in iOS/OSX Kernel
Future plan
CVE-2018-4462 - Root Cause
OOB read in AMD Radeon X4000 Extension
OOB read-Root Cause
Overflow - Root Cause
NULL PAGE Reference in Intel Accelerator
NULL PAGE Reference - Root Cause
Divide by Zero in AMD Radeon X4000 Extension
Divide by Zero - Root Cause

Taught by

Hack In The Box Security Conference
