Jonathan Levin / @Technologeeks
Author of “*OS Internals” and “Android Internals”, CTO of Technologeeks.com, and a longtime specialist in the internals of Linux and Darwin variants. Has spoken at various major conferences.

Synopsis
This course, modeled after Jonathan Levin’s “*OS Internals: Volume III”, takes a practical approach to the security of Apple’s operating systems, explaining the various mechanisms Apple employs to secure the system and demonstrating how they fail, time and time again. Through case studies of jailbreaks and Pegasus (the only weapons-grade malware caught in the wild), the techniques for protecting OS integrity, as well as the measures used to bypass them, are detailed.
Code samples detailing usage of each mechanism are provided as actual examples for discussion in class. Actual jailbreak code, including the latest iOS 11.1.2 Liber* family of jailbreaks, is presented. Advanced tools – such as Xn00p, our live kernel inspection/debugging tool – allow unprecedented visualization of what happens behind the scenes in every step of the jailbreak process.

Prerequisites

  • Knowledge of Mac OS X and/or iOS, and user mode programming.
  • Knowledge of *OS kernel concepts: XNU = { Mach + BSD + IOKit }
  • Knowledge of Mach IPC – ports and message format
  • Familiarity with x86_64 and/or ARM32/64 is highly recommended
  • Bring your own Mac/jailbroken i-Device (ask us about renting one for class!)
  • Students must bring MacBooks with Xcode 10.x + latest XNU sources (4903+) installed (ask us about renting one!)
  • For iOS examples, it is recommended that students be in possession of a provisioning profile, or use jtool/ldid to self-sign

Objectives

  • Understand the MAC Framework in macOS and the iOS variants
  • Understand kernel memory protections
  • Explain the methodology employed by jailbreaks and malware alike to elevate privileges and obtain unrestricted access
  • Understand how jailbreaks repeatedly find flaws and circumventions in Apple’s mechanisms
  • Understand the Apple Sandbox, and its profile language
  • Explain common jailbreaking techniques, before and after kernel patch protection
  • Understand attack surfaces in OS X and iOS (and its derivatives), particularly those of the kernel, kexts (I/O Kit) and system daemons.

Seats – 15

Period – Three days

Language – English