YoVDO

Fuzzing at Mach Speed: Uncovering IPC Vulnerabilities on MacOS

Offered By: nullcon via YouTube

Tags

Fuzzing Courses macOS Courses Inter-Process Communication Courses Privilege Escalation Courses Security Research Courses Remote Code Execution Courses Vulnerability Research Courses Memory Corruption Courses

Course Description

Overview

Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Dive into an in-depth exploration of macOS Inter-Process Communication (IPC) security in this 53-minute conference talk from Nullcon Berlin 2024. Uncover the intricacies of Mach message handlers and their role in executing privileged RPC-like functions, potentially leading to sandbox escapes and privilege escalations. Examine macOS internals, focusing on Mach message calling, processing, data formats, and statefulness. Learn about the development and application of a custom fuzzing harness targeting IPC function handlers, designed to induce crashes indicative of memory corruption vulnerabilities. Analyze several generated crashes, including one with potential for remote code execution. Gain insights into the open-sourced Mach message corpus generation script and custom fuzzing harness, contributing to the cybersecurity community and paving the way for future research in this area.

Syllabus

Nullcon Berlin 2024 | Fuzzing At Mach Speed: Uncovering IPC Vulnerabilities On MacOS - Dillon Franke


Taught by

nullcon

Related Courses

Web Hacker's Toolbox - Tools Used by Successful Hackers
Packt via Coursera
Security for Hackers and Developers: Fuzzing
Pluralsight
Advanced White Hat Hacking & Penetration Testing Tutorial
Udemy
Practical Buffer Overflows for OSCP
Udemy
Intro to Fuzzing for Fun and Profit
YouTube