Our editorial team has handpicked the best of the best talks at DEF CON 26. DEF CON is one of the world's largest hacker conventions, held annually in Las Vegas, Nevada. Following is the list of top talks on Mac/iOS security at DEF CON 26.
DEF CON 2018, the 26th DEF CON hacking conference, is one of the main events on computer, information technology, cyber security, software, and hacking topics.
(Source: DEF CON 26)
1. Fire & Ice: Making and Breaking macOS Firewalls
Speakers:
Patrick Wardle, Chief Research Officer, Digita Security
In this talk, we'll first dive into what it takes to create an effective firewall for macOS. Yes, we'll discuss core concepts such as kernel-level socket filtering—but also how to communicate with user-mode components, install privileged code in a secure manner, and simple ways to implement self-defense mechanisms (including protecting the UI from synthetic events).
2. The Mouse is mightier than the sword
Speakers:
Patrick Wardle, Chief Research Officer, Digita Security
In this talk we'll discuss a vulnerability (CVE-2017-7150) found in all recent versions of macOS that allowed unprivileged code to interact with any UI component including 'protected' security dialogues. Armed with the bug, it was trivial to programmatically bypass Apple's touted 'User-Approved Kext' security feature, dump all passwords from the keychain, bypass 3rd-party security tools, and much more! And as Apple's patch was incomplete (surprise surprise) we'll drop an 0day that (still) allows unprivileged code to post synthetic events and bypass various security mechanisms on a fully patched macOS box!
3. One bite and all your dreams will come true: Analyzing and Attacking Apple Kernel Drivers
Speakers:
- Xiaolong Bai, Security Engineer, Alibaba Inc.
- Min (Spark) Zheng, Security Expert, Alibaba Inc.
In this talk, we will share our experience of analyzing and attacking Apple kernel drivers. In specific, we will introduce a new tool called Ryuk. Ryuk employs static analysis techniques to discover bugs by itself or assist manual review.
In addition, we further combine static analysis with dynamic fuzzing for bug hunting in Apple drivers. In specific, we will introduce how we integrate Ryuk to the state-of-the-art Apple driver fuzzer, PassiveFuzzFrameworkOSX, for finding exploitable bugs.
4. Fasten your seatbelts: We are escaping iOS 11 sandbox!
Speakers:
- Min (Spark) Zheng, Security Expert, Alibaba Inc.
- Xiaolong Bai, Security Engineer, Alibaba Inc.
In this talk, we will first introduce Apple's sandbox mechanism and profiles in the latest iOS. Then, we discuss iOS IPC mechanism and review several old classic sandbox escape bugs. Most importantly, we show two new zero-day sandbox escape vulnerabilities we recently discovered in the latest iOS 11.4. Besides, we share our experience of exploiting vulnerabilities in system services through OOL msg heap spray and ROP (Return-oriented programming). In addition, we discuss a task port exploit technique which can be used to control the whole remote process through Mach messages. By using these techniques, security researchers could find and exploit sandbox escape bugs to control iOS user mode system services and further attack the kernel.
5. Attacking the macOS Kernel Graphics Driver
Speakers:
Yu Wang, Senior Staff Engineer at Didi Research America
I discovered a number of vulnerabilities last year, including NULL pointer dereference, stack-based buffer overflow, arbitrary kernel memory read and write, use-after-free, etc. Some of these vulnerabilities were reported to Apple Inc., such as CVE-2017-7155, CVE-2017-7163, CVE-2017-13883.
In this presentation, I will share with you the detailed information about these vulnerabilities. Furthermore, from the attacker's perspective, I will also reveal some new exploit techniques and zero-days.