Linux Kernel Exploit Development by Vitaly Nikolenko

This training focused on exploiting a recent Linux kernel vulnerability on x86_64. We provided a complete walkthrough starting from the vulnerability analysis and the initial crash to a full weaponised exploit. Though the training concentrated on a specific vulnerability, the goal was to demonstrate general exploitation concepts that can be applied to other classes of kernel memory corruption vulnerabilities.

During the training, attendees obtained hands-on experience in kernel exploitation and developed several iterations of the exploit required to bypass common kernel exploitation mitigations such as SMEP, SMAP and KPTI.

This training was structured as several theory modules (providing the required background material) followed by practical hands-on exercises. It was aimed at the intermediate level and was ideal for attendees already familiar with common user-space exploitation techniques.

The training was largely self-contained. It included brief refreshers on x86_64 architecture and GDB.

iOS Sandbox Escape Vulnerability and Exploitation by Hao Xu/Pangu

In this training we began by introducing the iOS architecture and its security mitigations, followed by a session on the iOS runtime that showed how to reverse engineer it. After that we focused on Mach message basics and how XPC is built on top of them. We did this because most iOS daemons expose an XPC interface, and if they do not handle incoming messages properly, security bugs can result.

The training also covered some known bugs from the security history of iOS that allowed code execution in a highly privileged context. During the training, students worked through an exercise exploiting a particular bug to see how a real exploit is developed.