Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

ModJack - Hijacking the MacOS Kernel

Hack In The Box Security Conference via YouTube

Overview

Explore a groundbreaking kernel exploit technique for macOS High Sierra 10.13.6 in this 56-minute conference talk from the Hack In The Box Security Conference. Discover how a pure userspace logic bug chain can escalate privileges from a normal user to kernel level, bypassing both Secure Kernel Extension Loading (SKEL) and System Integrity Protection (rootless). Learn how this exploit abuses the sandbox, a security measure, to load an unsigned kernel extension. Examine the module hijacking method on a trusted binary, similar to UAC bypass techniques on Windows, and understand why this exploit's stability is exceptional due to the absence of memory corruption. Delve into the failures of mitigations like Library Validation, SKEL, and SIP against this exploit, and learn about Apple's response and subsequent mitigation in AppleMobileFileIntegrity (AMFI) on Mojave. Additionally, gain insights into a simple yet effective binary analysis tool that aided in discovering this and other logic privilege escalation bugs.

Syllabus

#HITB2019AMS D2T2 - ModJack: Hijacking The MacOS Kernel - Zhi Zhou

Taught by

Hack In The Box Security Conference

Reviews

Start your review of ModJack - Hijacking the MacOS Kernel

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.