macOS Security Features Bypasses by Example
Offered By: nullcon via YouTube
Course Description
Overview
Explore macOS security features and their vulnerabilities in this 48-minute webinar presented by Jonathan Bar Or, Principal Security Researcher at Microsoft. Delve into the fascinating world of macOS security, combining traditional POSIX security, BSD-based components, and Apple-proprietary elements. Learn about System Integrity Protection (SIP) rootless, rootless entitlements, and various SIP bypass techniques. Discover the intricacies of Transparency, Consent, and Control (TCC), including its database structure and Apple's stringent approach. Examine real-world TCC bypass methods, such as mounting backups, exploiting tccd, and the XCSSET malware technique. Conclude with a bonus discussion on potential SQL injection vulnerabilities in macOS security systems.
Syllabus
Introduction
macOS security
Apple-proprietary
SIP rootless
Rootless entitlements
SIP bypasses 101
Hunting for SIP bypasses
Easy exploit!
What is TCC?
The TCC database
Apple takes TCC very seriously
TCC bypass by mounting backups
TCC bypass by tccd exploit
TCC bypass by XCSSET malware
Bonus round - SQL injection???
Taught by
nullcon
Related Courses
Hacking and PatchingUniversity of Colorado System via Coursera Software Design Threats and Mitigations
University of Colorado System via Coursera Introduction to Cybersecurity for Teachers
Raspberry Pi Foundation via FutureLearn Identifying Security Vulnerabilities
University of California, Davis via Coursera Web Application Security Testing with Burp Suite
Coursera Project Network via Coursera