YoVDO

macOS Security Features Bypasses by Example

Offered By: nullcon via YouTube

Tags

nullcon Courses Cybersecurity Courses SQL Injection Courses macOS Security Courses Vulnerability Research Courses

Course Description

Overview

Explore macOS security features and their vulnerabilities in this 48-minute webinar presented by Jonathan Bar Or, Principal Security Researcher at Microsoft. Delve into the fascinating world of macOS security, combining traditional POSIX security, BSD-based components, and Apple-proprietary elements. Learn about System Integrity Protection (SIP) rootless, rootless entitlements, and various SIP bypass techniques. Discover the intricacies of Transparency, Consent, and Control (TCC), including its database structure and Apple's stringent approach. Examine real-world TCC bypass methods, such as mounting backups, exploiting tccd, and the XCSSET malware technique. Conclude with a bonus discussion on potential SQL injection vulnerabilities in macOS security systems.

Syllabus

Introduction
macOS security
Apple-proprietary
SIP rootless
Rootless entitlements
SIP bypasses 101
Hunting for SIP bypasses
Easy exploit!
What is TCC?
The TCC database
Apple takes TCC very seriously
TCC bypass by mounting backups
TCC bypass by tccd exploit
TCC bypass by XCSSET malware
Bonus round - SQL injection???


Taught by

nullcon

Related Courses

Hacking and Patching
University of Colorado System via Coursera
Software Design Threats and Mitigations
University of Colorado System via Coursera
Introduction to Cybersecurity for Teachers
Raspberry Pi Foundation via FutureLearn
Identifying Security Vulnerabilities
University of California, Davis via Coursera
Web Application Security Testing with Burp Suite
Coursera Project Network via Coursera