Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Self-Signed Certificates: Exploiting Insecure Certificate Validation in iOS and macOS

nullcon via YouTube

Overview

Explore the critical vulnerabilities in iOS and macOS certificate validation through this 46-minute conference talk from Nullcon Goa 2023. Delve into the intricacies of TLS authentication, learn about the history of insecure server certificate validation in Apple's operating systems, and discover new exploits affecting both iOS and macOS. Gain insights into the newly released tool, certmitm, which automatically detects and exploits insecure certificate validation vulnerabilities in TLS clients. Understand the implications for penetration testers and bug bounty hunters, and examine Apple's approach to addressing these security concerns. Download accompanying slides to enhance your understanding of this crucial topic in cybersecurity.

Syllabus

Introduction
Certificates
Certmitm demo
Apple CVEs
Penetration testers & Bug bounty hunters
Apple

Taught by

nullcon

Reviews

Start your review of Self-Signed Certificates: Exploiting Insecure Certificate Validation in iOS and macOS

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.