macOS Security Features Bypasses by Example

Offered By: nullcon via YouTube

Course Description

Overview

Explore macOS security features and their vulnerabilities in this 48-minute webinar presented by Jonathan Bar Or, Principal Security Researcher at Microsoft. Delve into the fascinating world of macOS security, which combines traditional POSIX security, BSD-based components, and Apple-proprietary elements. Learn about System Integrity Protection (SIP, also known as rootless), rootless entitlements, and various SIP bypass techniques. Discover the intricacies of Transparency, Consent, and Control (TCC), including its database structure and Apple's stringent approach. Examine real-world TCC bypass methods, such as mounting backups, exploiting tccd, and the XCSSET malware technique. Conclude with a bonus discussion on potential SQL injection vulnerabilities in macOS security systems.

Syllabus

Introduction
macOS security
Apple-proprietary
SIP rootless
Rootless entitlements
SIP bypasses 101
Hunting for SIP bypasses
Easy exploit!
What is TCC?
The TCC database
Apple takes TCC very seriously
TCC bypass by mounting backups
TCC bypass by tccd exploit
TCC bypass by XCSSET malware
Bonus round - SQL injection???


Taught by

nullcon
