Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

macOS Security Features Bypasses by Example

nullcon via YouTube

Overview

Explore macOS security features and their vulnerabilities in this 48-minute webinar presented by Jonathan Bar Or, Principal Security Researcher at Microsoft. Delve into the fascinating world of macOS security, combining traditional POSIX security, BSD-based components, and Apple-proprietary elements. Learn about System Integrity Protection (SIP) rootless, rootless entitlements, and various SIP bypass techniques. Discover the intricacies of Transparency, Consent, and Control (TCC), including its database structure and Apple's stringent approach. Examine real-world TCC bypass methods, such as mounting backups, exploiting tccd, and the XCSSET malware technique. Conclude with a bonus discussion on potential SQL injection vulnerabilities in macOS security systems.

Syllabus

Introduction
macOS security
Apple-proprietary
SIP rootless
Rootless entitlements
SIP bypasses 101
Hunting for SIP bypasses
Easy exploit!
What is TCC?
The TCC database
Apple takes TCC very seriously
TCC bypass by mounting backups
TCC bypass by tccd exploit
TCC bypass by XCSSET malware
Bonus round - SQL injection???

Taught by

nullcon

Reviews

Start your review of macOS Security Features Bypasses by Example

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.