Fuzzing at Mach Speed: Uncovering IPC Vulnerabilities on MacOS
Offered By: nullcon via YouTube
Course Description
Overview
Save Big on Coursera Plus. 7,000+ courses at $160 off. Limited Time Only!
Dive into an in-depth exploration of macOS Inter-Process Communication (IPC) security in this 53-minute conference talk from Nullcon Berlin 2024. Uncover the intricacies of Mach message handlers and their role in executing privileged RPC-like functions, potentially leading to sandbox escapes and privilege escalations. Examine macOS internals, focusing on Mach message calling, processing, data formats, and statefulness. Learn about the development and application of a custom fuzzing harness targeting IPC function handlers, designed to induce crashes indicative of memory corruption vulnerabilities. Analyze several generated crashes, including one with potential for remote code execution. Gain insights into the open-sourced Mach message corpus generation script and custom fuzzing harness, contributing to the cybersecurity community and paving the way for future research in this area.
Syllabus
Nullcon Berlin 2024 | Fuzzing At Mach Speed: Uncovering IPC Vulnerabilities On MacOS - Dillon Franke
Taught by
nullcon
Related Courses
Web Hacker's Toolbox - Tools Used by Successful HackersPackt via Coursera Security for Hackers and Developers: Fuzzing
Pluralsight Advanced White Hat Hacking & Penetration Testing Tutorial
Udemy Practical Buffer Overflows for OSCP
Udemy Intro to Fuzzing for Fun and Profit
YouTube