applied security conferences and training: CanSecWest | PacSec | EUSecWest |

Security Masters Dojo

Advanced and intermediate security training and technology enhancement for information security professionals.

CanSecWest: Security Masters Dojo Vancouver

Practical iOS 13 Kernel Exploitation

Register for the March 14-17, 2020 (4-day course)

Instructor:
Stefan Esser

Description

For the last six years Antid0te has been teaching iOS Kernel Exploitation to a wide variety of students interested in the iOS kernel. Many of our former students have ended up finding and exploiting iOS kernel vulnerabilities since then and have practically demonstrated that by contributing to public jailbreaks of reporting vulnerabilities to Apple.

Teaching iOS exploitation during this time has often be hard due to the lack of access to devices running the most current iOS version. This has dramatically changed in the last weeks with the release of the checkm8 bootrom exploit for iOS devices. This opens up a whole new world of opportunities regarding training practical iOS kernel exploitation to students. For the first time in history we will be able to perform actual hands-on kernel exploitation tasks on devices running the latest firmware.

In this fully redesigned course we will use this to our advantage and will teach students how they can make use of the bootrom exploit to jailbreak current and future iOS versions on demand and how they can disable certain security mitigations to slowly ramp up the difficulty when performing training exercises. In comparison to our previous courses this course will provide more exercises at different difficulty levels.

PREREQUISITE WARNING Each class has prerequisites for software loads and a laptop is mandatory. These individual class guides will list material the students are expected have knowledge about coming in and software tools that need to be pre-installed before attending so you get the maximum benefit from the focused intermediate or advanced level course. Please pay particular attention to the prerequisites, as the material listed there will not be reviewed in the courses, and will be necessary to get the maximum benefit out of these educational programs.

Class content

Day1 Day2 Day3 Day4

Pre-requisites

Students must have prior knowledge in exploitation (basics will not be taught) and must be capable of understanding/programming exploits in C. Students will get an introduction into low level ARM/ARM64 as part of the course.

Software Requirements
Hardware Requirements