3-Day Training: iOS 11/12 Userspace Exploitation Training (Amsterdam\, Netherlands - May 6-8\, 2019) - ResearchAndMarkets.com

3-Day Training: iOS 11/12 Userspace Exploitation Training (Amsterdam, Netherlands - May 6-8, 2019) - ResearchAndMarkets.com

DUBLIN--()--The "3-Day Training: iOS 11/12 Userspace Exploitation Training" training has been added to ResearchAndMarkets.com's offering.

For years we have taught iOS Kernel Exploitation to a large crowd of students. However more and more students have been asking for a similar course targetted at iOS Userspace Exploitation. Therefore for 2019 we have finally added this course to our syllabus.

In this 3-day training, participants will take a deep dive into topics related to iOS 11/12 userpace level exploitation. This starts with a short crash course in ARM64 followed by an introduction into the details of iOS userspace from memory layout and its randomization over sandboxing and IPC to the attack surface of applications, daemons and browsers.

The following days will then concentrate on common vulnerabilities in these areas and how they are usually exploited. The course will also introduce the students to the heap implementations involved to fully understand the heap exploitation examples.

All hands on exercises will be performed on iOS devices on iOS 11.x that will be provided by the trainer for the duration of the course.

Key Learning Objectives

  • Understanding iOS exploitation on ARM64
  • Understanding the iOS sandboxing from userspace
  • Understanding userspace exploit mitigations
  • Common vulnerabilities in iOS applications and daemons and their exploitation
  • Understanding iOS userpace heap implementations
  • Basics of iOS browser exploitation

Prerequisite Knowledge

Basic knowledge of exploitation (preferably on ARM platform)

Hardware / Software Requirements

  • MacBook with latest MacOS
  • latest XCode with support for iOS 11/12
  • IDA Pro 7.x or Hopper
  • (optionally) iOS device on iOS 11

Agenda

Time: 9.00am - 6.00pm

Day 1

  • ARM64 Architecture and Assembly for Userspace Exploitation
  • iOS Userspace Memory Layout
  • Dynamic Loading Frameworks, Libraries and ASLR
  • Understanding Applications, Daemons and Browsers
  • iOS Sandboxing and Inter Process Communication
  • Userspace Exploit Mitigations
  • Userspace Attack Surface

Day 2

  • Debugging on iOS
  • Working with or without Jailbreaks
  • iOS Userland Heap Implementation
  • Vulnerabilities and their Exploitation in Applications
  • Vulnerabilities and their Exploitation in Daemons

Day 3

  • ARMv8.3 Pointer Authentication
  • WebKit Heap Implementation
  • Exploitation of WebKit/JavaScriptCore based bugs

For more information about this training visit https://www.researchandmarkets.com/research/v2jkdp/3day_training?w=4