filmov
tv
#HITB2012KUL D1T2 - Mark Dowd & Tarjei Mandt - iOS 6 Security
Показать описание
PRESENTATION MATERIALS:
PRESENTATION ABSTRACT:
In recent years, iOS security has become a hot topic, largely due to the unprecedented popularity of Apple iDevices. One of the major exploitation targets within iOS that has received a significant amount of public scrutiny is the kernel, as it encapsulates the security extensions that govern access to the device. A variety of kernel exploits have been publicly released that employ relatively simple attack methodologies, largely due to the fact that very few kernel-level exploit mitigation technologies have been put in place. Apple has addressed this problem in iOS 6 with the addition of a variety of kernel hardening technologies that are intended to thwart popular exploitation strategies that are typically used by attackers.
This presentation introduces these technologies, discusses their impact and effectiveness against popular attack methodologies, and also outline their limitations (where appropriate). It is hoped that attendees will gain an understanding of the current state of iOS kernel exploitation, what techniques have been rendered useless, and the kinds of techniques that will need to be employed in future kernel-level exploits.
ABOUT MARK DOWD
Mark is a director and founder of Azimuth Security, and brings over 10 years of security experience to the team. The bulk of his professional career has been focused in the area of application security research. Mark spent a number of years as a senior researcher at IBM's Internet Security Systems (ISS) X-Force, during which he discovered a number of high-profile vulnerabilities in ubiquitous Internet software. In addition to professional vulnerability research, Mark's previous experience includes serving as a principal security architect for McAfee, as well as performing a variety of information security consulting services independently and for ITAC Consulting.
Mark's vulnerability research record speaks for itself. Over the last decade, Mark has identified and helped remediate critical remotely exploitable security vulnerabilities in Sendmail, Microsoft Exchange, OpenSSH, Internet Explorer, Mozilla Firefox, Adobe Flash, Checkpoint VPN, and Microsoft's SSL implementation. In addition to his vulnerability research, Mark has published several technical research papers, and was a co-author of the Addison-Wesley Professional book "The Art of Software Security Assessment". He was the winner of the 2009 Google Native Client Security Contest. Mark regularly speaks at industry conferences, including BlackHat, CanSecWest, PacSec, and Ruxcon.
CO-PRESENTER: TARJEI MANDT
Tarjei Mandt is a senior vulnerability researcher at Azimuth Security. He holds a Master's degree in Information Security and has previously spoken at security conferences such as Black Hat USA, INFILTRATE, SyScan, H2HC, and Hackito Ergo Sum. In his free time, he enjoys spending countless hours challenging security mechanisms and researching intricate issues in low-level system components. Recently, he has done extensive research on modern kernel pool exploitation and discovered several vulnerabilities in Windows kernel components.
PRESENTATION ABSTRACT:
In recent years, iOS security has become a hot topic, largely due to the unprecedented popularity of Apple iDevices. One of the major exploitation targets within iOS that has received a significant amount of public scrutiny is the kernel, as it encapsulates the security extensions that govern access to the device. A variety of kernel exploits have been publicly released that employ relatively simple attack methodologies, largely due to the fact that very few kernel-level exploit mitigation technologies have been put in place. Apple has addressed this problem in iOS 6 with the addition of a variety of kernel hardening technologies that are intended to thwart popular exploitation strategies that are typically used by attackers.
This presentation introduces these technologies, discusses their impact and effectiveness against popular attack methodologies, and also outline their limitations (where appropriate). It is hoped that attendees will gain an understanding of the current state of iOS kernel exploitation, what techniques have been rendered useless, and the kinds of techniques that will need to be employed in future kernel-level exploits.
ABOUT MARK DOWD
Mark is a director and founder of Azimuth Security, and brings over 10 years of security experience to the team. The bulk of his professional career has been focused in the area of application security research. Mark spent a number of years as a senior researcher at IBM's Internet Security Systems (ISS) X-Force, during which he discovered a number of high-profile vulnerabilities in ubiquitous Internet software. In addition to professional vulnerability research, Mark's previous experience includes serving as a principal security architect for McAfee, as well as performing a variety of information security consulting services independently and for ITAC Consulting.
Mark's vulnerability research record speaks for itself. Over the last decade, Mark has identified and helped remediate critical remotely exploitable security vulnerabilities in Sendmail, Microsoft Exchange, OpenSSH, Internet Explorer, Mozilla Firefox, Adobe Flash, Checkpoint VPN, and Microsoft's SSL implementation. In addition to his vulnerability research, Mark has published several technical research papers, and was a co-author of the Addison-Wesley Professional book "The Art of Software Security Assessment". He was the winner of the 2009 Google Native Client Security Contest. Mark regularly speaks at industry conferences, including BlackHat, CanSecWest, PacSec, and Ruxcon.
CO-PRESENTER: TARJEI MANDT
Tarjei Mandt is a senior vulnerability researcher at Azimuth Security. He holds a Master's degree in Information Security and has previously spoken at security conferences such as Black Hat USA, INFILTRATE, SyScan, H2HC, and Hackito Ergo Sum. In his free time, he enjoys spending countless hours challenging security mechanisms and researching intricate issues in low-level system components. Recently, he has done extensive research on modern kernel pool exploitation and discovered several vulnerabilities in Windows kernel components.
0:57:14
#HITB2012KUL D1T2 - Mark Dowd & Tarjei Mandt - iOS 6 Security
0:59:11
#HITB2021SIN KEYNOTE 1: Security Technology Arms Race 2021 - Medal Event - Mark Dowd
0:07:26
Mark Dowd on Exploit Mitigation Development
0:56:15
#HITB2012KUL D1T2 - Don Bailey - Hackers the Movie: A Retrospective
0:49:44
#HITB2012KUL D1T2 - Meder Kydyraliev - Defibrilating Web Security
0:22:57
#HITB2021SIN HATS D1 - Post Talk Q&A with Mark Dowd
0:07:37
Cyber Security 2015
0:53:52
#HITB2012KUL D2 PANEL DISCUSSION: iOS / OS X Security
0:57:14
Mark Dowd & Tarjei Mandt iOS 6 Security
0:47:19
#HITB2012KUL D1T2 - Haroon Meer - You and Your Research
0:34:21
THE (MEMORY CORRUPTION) SAFETY DANCE
0:53:22
#HITB2012KUL D1T3 - John Captain Crunch Draper - A Historical Look at the Phreaking Scene
0:45:42
#HITB2012KUL D2T2 - Jeremiah Grossman - Why Web Security is Fundamentally Broken
0:04:16
Mark Dowd Interview
0:02:47
@mikko vs @k8em0 #HITB2012KUL
0:04:18
Mark Dowd Interview
0:59:58
#HITB2012KUL D1T1 - Petko D. Petkov - A Short History of the JavaScript Security Arsenal
0:55:50
#HITB2012AMS D2T2 - Dream Team - Part 1 - Corona for iOS 5.0.1
0:59:38
#HITB2012KUL D1T3 - Paul Sebastian Ziegler - Hacking in The Far East
1:08:24
#HITB2013AMS D2T1 Evad3rs - Swiping Through Modern Security Features
0:48:46
Defibrillating Web Security - Meder Kydyraliev
0:43:46
GeekcampSG 2012 #6 - Learning iOS and hunting NSZombies in 3 weeks by Calvin Cheng
0:56:19
Blackhat 2012: iOS Kernel
0:30:14
iOS Security Jailbreaking, Exploitation
Комментарии