Privilege Escalation Using DOP in MacOS
Offered By: Hack In The Box Security Conference via YouTube
Course Description
Overview
Explore an advanced exploit technique called Data-Oriented Programming (DOP) for privilege escalation in MacOS. Delve into the complexities of kernel exploitation using DOP, which requires three key primitives: information leakage, arbitrary address read, and arbitrary address write. Learn how DOP offers advantages over Return-Oriented Programming (ROP) by maintaining exploit effectiveness despite kernel code changes. Examine a real-world example of transforming a single heap buffer overflow vulnerability into a full privilege escalation attack using DOP techniques. Gain insights into the strengths and challenges of implementing DOP in practical scenarios, and understand its potential impact on MacOS security.
Syllabus
#HITB2023AMS D2T2 - Privilege Escalation Using DOP In MacOS - Y. Lee, J. Choi, J. Lee & S. Song
Taught by
Hack In The Box Security Conference
Related Courses
XNU Heap Exploitation - From Kernel Bug to Kernel Controlnullcon via YouTube Kernel Exploitation with a File System Fuzzer
Hack In The Box Security Conference via YouTube iOS 10 Kernel Heap Revisited
Hack In The Box Security Conference via YouTube Swiping Through Modern Security Features
Hack In The Box Security Conference via YouTube Turning - Page Tables - Bypassing Advanced Kernel Mitigations Using Page Tables Manipulations
BSidesLV via YouTube