YoVDO

Privilege Escalation Using DOP in MacOS

Offered By: Hack In The Box Security Conference via YouTube

Tags

Hack In The Box Security Conference Courses Cybersecurity Courses macOS Courses Privilege Escalation Courses Kernel Exploitation Courses Data-Oriented Programming Courses

Course Description

Overview

Explore an advanced exploit technique called Data-Oriented Programming (DOP) for privilege escalation in MacOS. Delve into the complexities of kernel exploitation using DOP, which requires three key primitives: information leakage, arbitrary address read, and arbitrary address write. Learn how DOP offers advantages over Return-Oriented Programming (ROP) by maintaining exploit effectiveness despite kernel code changes. Examine a real-world example of transforming a single heap buffer overflow vulnerability into a full privilege escalation attack using DOP techniques. Gain insights into the strengths and challenges of implementing DOP in practical scenarios, and understand its potential impact on MacOS security.

Syllabus

#HITB2023AMS D2T2 - Privilege Escalation Using DOP In MacOS - Y. Lee, J. Choi, J. Lee & S. Song


Taught by

Hack In The Box Security Conference

Related Courses

XNU Heap Exploitation - From Kernel Bug to Kernel Control
nullcon via YouTube
Kernel Exploitation with a File System Fuzzer
Hack In The Box Security Conference via YouTube
iOS 10 Kernel Heap Revisited
Hack In The Box Security Conference via YouTube
Swiping Through Modern Security Features
Hack In The Box Security Conference via YouTube
Turning - Page Tables - Bypassing Advanced Kernel Mitigations Using Page Tables Manipulations
BSidesLV via YouTube