![](https://ccweb.imgix.net/https%3A%2F%2Fwww.classcentral.com%2Fimages%2Ficon-black-friday.png?auto=format&ixlib=php-4.1.0&s=fe56b83c82babb2f8fce47a2aed2f85d)
Overview
![](https://ccweb.imgix.net/https%3A%2F%2Fwww.classcentral.com%2Fimages%2Ficon-black-friday.png?auto=format&ixlib=php-4.1.0&s=fe56b83c82babb2f8fce47a2aed2f85d)
This course aims to teach learners about iOS sandbox escape techniques and vulnerabilities, focusing on mach messages and poorly designed daemons. By exploring mach ports within the sandbox, students will gain insights into Apple's API interactions. The course covers the creation of research tools, identification of vulnerabilities in daemons like SpringBoard and mDNSResponder, and the execution of arbitrary code outside the sandbox. The teaching method includes presentations, demonstrations, and sharing of research tools. This course is intended for individuals interested in mobile security, vulnerability research, and iOS exploitation.
Syllabus
Introduction
Agenda
What is iOS
Design of iOS
Chart Cache
Mock Messages
Lunch
iOS research difficulties
IDA
Sandbox Escape
Sandbox Target
Map Cache
Message Handler
callbacks
coldframe
decompression session
serialization
Python Implementation
Demo
Results
iOS 11 Refactor
Bluetooth Deep
Get Pair Devices
CV4095
Bug Fix
Bluetooth Session Token
Brute Force
Blue2D Demo
Bug Fixes
Global Variables
Token Change
Jailbreak
Spark
References
Credits
Questions
Taught by
Hack In The Box Security Conference