YoVDO

OSX El Capitan - Sinking The Ship

Offered By: SyScan360 via YouTube

Tags

SyScan360 Courses macOS Security Courses

Course Description

Overview

Explore the intricacies of OSX El Capitan's security features in this comprehensive conference talk from SyScan360'16 Singapore. Delve into System Integrity Protection (SIP) and its impact on system security. Examine the differences between systems with and without SIP, and understand the various System Integrity Restriction mechanisms. Learn about SIP Configuration Flags and their role in user space integration. Investigate the implementation of Sandbox Filters and the protection of restricted processes. Analyze the security measures for Launch Daemons and discover potential vulnerabilities in boot arguments. Gain insights into triggering the Kernel Debugger and explore the potential abuse of entitlements via the kernel. This 73-minute presentation offers a deep dive into OSX El Capitan's security architecture, providing valuable knowledge for cybersecurity professionals and enthusiasts alike.

Syllabus

Intro
System Integrity Protection (SIP)
System with and without SIP
System Integrity Restriction
System Integrity Protection Configuration Flags
System Integrity Protection User Space Integration
System Integrity Protection Sandbox Filters
Protection of restricted processes
Launch Daemon Protection
Boot Arguments that make exploitation easier
Triggering Kernel Debugger
Abuse of Entitlements via Kernel


Taught by

SyScan360

Related Courses

Remote Code Execution via Java Native Deserialization
SyScan360 via YouTube
SyScan360'16 Singapore - Memory Corruption Is For Wussies
SyScan360 via YouTube
Virtualization System Vulnerability Discovery Technology
SyScan360 via YouTube
SyScan360'16 Singapore - Key Value Injections Here
SyScan360 via YouTube
How to Own Any Windows Network via Group Policy Hijacking Attacks
SyScan360 via YouTube