YoVDO

Finding Vulnerabilities in iOS - MacOS Networking Code

Offered By: Hack In The Box Security Conference via YouTube

Course Description

Overview

Explore the intricacies of iOS and macOS networking code vulnerabilities in this 50-minute conference talk from the Hack In The Box Security Conference. Delve into the complexities of networking protocols and their impact on code security. Learn about the discovery of multiple remote code execution vulnerabilities in Apple's XNU operating system kernel, specifically related to mbuf processing. Gain insights into network packet structures, the mbuf datatype, and how XNU processes them. Examine corner cases that led to vulnerabilities and understand the custom variant analysis technique using Semmle QL for bug discovery. Discover C programming techniques used to implement proof-of-concept exploits, complete with kernel-crashing demonstrations. Cover topics such as TCP/IP packet structure, TCP options, raw socket programming, stack buffer overflow, and NFS mount vulnerabilities. Acquire knowledge about security research methodologies, including the use of Query Language (QL) for finding and analyzing potential vulnerabilities in complex networking code.

Syllabus

Introduction
Story of 3 bugs
Extra topics
Packet Mangler bug
Finding security vulnerabilities
Query Language QL
TCP/IP Packet Structure
TCP Options
Raw Socket Programming
The Fix
The struct
What's an nbar
What's an mbuf
Stack Buffer Overflow
Infinite Loop Bug
NFS Mount
mbuf copy
Macros
Fake NFS Server
Eve 999
Packet Mangler
Source and Sink
Query Results
Query Explanation
Conclusion


Taught by

Hack In The Box Security Conference
