The Big Picture

Channel:
United States All Hacking Cons
Subscribers:
6,480
Published on ● Video Link: https://www.youtube.com/watch?v=Q6LLn5IBILg


Duration: 1:01:49
1 views
0

Previous work on kernel heap exploitation for iOS or Mac OS X has only covered attacking the freelist of the kernel heap zone allocator. It was however never discussed before what other kernel heap memory allocators exist or what kernel heap allocation functions wrap these allocators. Attacks against further heap meta data or attacking kernel application data has not been discussed before.

This talk will introduce the audience to the big picture of memory allocators in the iOS kernel heap. It will be shown how attacks can be carried out against other meta data stored by other allocators or wrappers. It will be shown how memory allocated into different zones or allocated by different allocators is positioned to each other and if cross attacks are possible. It will be shown how overwriting C++ objects inside the kernel can result in arbitrary code execution. Finally this talk will leverage this to present a generic technique that allows to control the iOS kernel heap in a similar fashion as JavaScript is used in today's browser exploits to control the user space heap.
Presented By:
Stefan Esser
Black Hat - USA - 2012 Hacking conference
#hacking, #hackers, #infosec, #opsec, #IT, #security



Other Videos By All Hacking Cons


2021-12-31Bouncer Land
2021-12-31Trust, Security and Society Presented By Bruce Schneier
2021-12-31Ghost in the Air Traffic
2021-12-31Random Number Generator in PHP
2021-12-31BlackOps
2021-12-31We have you by the Gadgets
2021-12-31Torturing OpenSSL
2021-12-31Probing The Mobile Operating Networks
2021-12-31Find Me in your Database
2021-12-31Digging Deep into the Flash Sandboxes
2021-12-31The Big Picture
2021-12-31SQL Injections
2021-12-31File Disinfection Framework Striking back at the Polymorphic Viruses
2021-12-31Easy Local Windows Kernel Exploitation
2021-12-31Blended Threats and JavaScript: a plan for permanent network compromise
2021-12-31The Info Leak Era Software Exploitation
2021-12-31How many bricks does it take to Crack a Microcell?
2021-12-31Windows 7 Phone Hacking & Exploitation
2021-12-31The Christopher Columbus Rule and DHS
2021-12-31Web Tracking for You
2021-12-31Smashing the Furure for Fun & Profit Presented By:Jeff Moss Bruce Schneier Adam Shostack


Tags:
data
hacker
security
computer
cyber
internet
technology
hacking
attack
digital
virus
information
hack
online
crime
password
code
web
concept
thief
protection
network
scam
fraud
malware
secure
identity
criminal
phishing
software
access
safety
theft
system
firewall
communication
business
privacy
binary
account
spy
programmer
program
spyware
hacked
hacking conference
conference
learn
how to
2022
2021
cybersecurity
owned
break in
google
securing
exploit
exploitation
recon
social engineering