Debug for Bug Crack and Hack Apple Core by Itself

Video Link: https://www.youtube.com/watch?v=ldYdGMM_TnU



Duration: 43:00


Debug for Bug: Crack and Hack Apple Core by Itself - Fun and Profit to Debug and Fuzz Apple Kernel by lldb Script
Lilang Wu | Senior Engineer, Trend Micro
Moony Li | Security Researcher Leader, Trend Micro
Location: Breakers GHI
Date: Thursday, August 8 | 5:00pm-6:00pm
Format: 50-Minute Briefings
Track: Platform Security

As security researchers know, almost every operating system vendor has significantly raised the bar for security vulnerability credit or bonus criteria, and many security mitigations, such as CFI on Android 9 or hardware-based PAC on iOS 12, have been integrated into vendor systems.

What is more, industry-standard fuzzers (typically AFL and syzkaller, which are based on code coverage feedback) have been deployed at large scale. The space left for security researchers to hunt bugs seems to be much smaller. Code review based on threat expert knowledge seems to be the only way, but it is obviously time-consuming, tedious work.

Any idea how to break the deadlock now? As security researchers, maybe you could try our debug fuzzer for bug hunting. The method we propose has been verified to be effective at finding and expanding new attack interfaces, and it is also flexible, scalable and scriptable for vulnerability research utilities.

Based on our fuzzing methodology, we found dozens of vulnerabilities, including double free, OOB read/write, etc., of which we will provide a detailed analysis. However, these 10 vulnerabilities are only part of what we found; others will be analyzed later and submitted to Apple.

Black Hat - USA - 2019 Hacking conference