OSX El Capitan - Sinking The Ship

Explore the intricacies of OSX El Capitan's security features in this comprehensive conference talk from SyScan360'16 Singapore. Delve into System Integrity Protection (SIP) and its impact on system security. Examine the differences between systems with and without SIP, and understand the various System Integrity Restriction mechanisms. Learn about SIP Configuration Flags and their role in user space integration. Investigate the implementation of Sandbox Filters and the protection of restricted processes. Analyze the security measures for Launch Daemons and discover potential vulnerabilities in boot arguments. Gain insights into triggering the Kernel Debugger and explore the potential abuse of entitlements via the kernel. This 73-minute presentation offers a deep dive into OSX El Capitan's security architecture, providing valuable knowledge for cybersecurity professionals and enthusiasts alike.

Intro
System Integrity Protection (SIP)
System with and without SIP
System Integrity Restriction
System Integrity Protection Configuration Flags
System Integrity Protection User Space Integration
System Integrity Protection Sandbox Filters
Protection of restricted processes
Launch Daemon Protection
Boot Arguments that make exploitation easier
Triggering Kernel Debugger
Abuse of Entitlements via Kernel