Privilege Escalation Using DOP in MacOS
Offered By: Hack In The Box Security Conference via YouTube
Course Description
Overview
Explore an advanced exploit technique called Data-Oriented Programming (DOP) for privilege escalation in MacOS. Delve into the complexities of kernel exploitation using DOP, which requires three key primitives: information leakage, arbitrary address read, and arbitrary address write. Learn how DOP offers advantages over Return-Oriented Programming (ROP) by maintaining exploit effectiveness despite kernel code changes. Examine a real-world example of transforming a single heap buffer overflow vulnerability into a full privilege escalation attack using DOP techniques. Gain insights into the strengths and challenges of implementing DOP in practical scenarios, and understand its potential impact on MacOS security.
Syllabus
#HITB2023AMS D2T2 - Privilege Escalation Using DOP In MacOS - Y. Lee, J. Choi, J. Lee & S. Song
Taught by
Hack In The Box Security Conference
Related Courses
Getting Started with DOTS - Scripting Pong TutorialUnity via YouTube Data-Oriented Programming - On the Expressiveness of Non-Control Data Attacks
IEEE via YouTube Data-Oriented Programming in Java
Devoxx via YouTube Data-Oriented Programming in Java - Records, Sealed Classes, and Pattern Matching
Java via YouTube Java Language State of the Union - Latest Evolution and Features
Java via YouTube