This course, modeled after Jonathan Levin’s “*OS Internals, Volume III”, takes a practical approach to the security of Apple’s operating systems: it explains the mechanisms Apple employs to secure the system, and then demonstrates how those mechanisms have failed, time and time again. Through case studies of jailbreaks and of Pegasus (one of the few weapons-grade iOS implants to have been caught in the wild), the techniques for protecting OS integrity, as well as the measures used to bypass them, are detailed.
This course is designed to introduce beginners as well as advanced security enthusiasts to the world of mobile security, using a fast-paced learning approach built on intensive hands-on labs. The class starts with a basic introduction to the ARM instruction set and to reverse engineering before moving on to the internals of iOS and Android. We then discuss some of the latest exploitation techniques using real-world bugs (e.g., voucher_swap for iOS 12), followed by a walkthrough of how jailbreaks are written. We also cover common vulnerability classes (heap overflows, use-after-free, uninitialized stack variables, race conditions).
This course starts with the changes introduced in Windows 10 RS4, kernel internals, and hands-on fuzzing of Windows kernel-mode drivers. We cover pool manager internals in order to groom kernel pool memory from user mode, which is what makes exploitation of pool-based vulnerabilities reliable.
We then look at how to bypass kASLR using kernel pointer leaks, and do hands-on exploitation using data-only attacks, which bypass SMEP and other exploit mitigations because they corrupt kernel data rather than redirecting control flow to attacker-controlled code.