Vincenzo Iozzo & Dino Dai Zovi
USA 2011 Weekend Training Session //July 30-31
USA 2011 Weekday Training Session //August 1-2
This two-day course will take students through the complete process of finding and exploiting vulnerabilities in and on Mac OS X, highlighting the unique aspects of the operating system that vulnerability researchers must be aware of. Each unit of the course includes lecture and lab sessions designed to give students the background they need and then the opportunity to get hands-on experience applying those techniques.
What you will learn:
The course begins with an introduction to Mac OS X, covering the system architecture as well as key topics such as the XNU kernel, Mach-O binary executable format, and Objective-C. We will also examine the security features and infrastructure of the operating system, including defenses against exploitation and privilege escalation.
The rest of the first day focuses on the in-depth examination of the system through reverse engineering of Objective-C applications and development of Mach-based system tools. Through combining both reverse engineering and Mach-based development, students will develop injectible bundles that hook interesting Objective-C methods in real Cocoa applications. These techniques can be used to identify vulnerabilities deep down within large applications.
The second day of the course covers exploitation of security vulnerabilities, covering debugging, exploitation vectors, and payloads. Students will use gdb, IDA Pro, and BinNavi to dynamically examine rich applications and debug exploitation of stack and heap memory corruption vulnerabilities. After students have learned hands-on how to exploit these vulnerabilities, the course will cover OS X payloads and payload techniques. The exploitation labs will be complementary so that students develop their own payloads for their exploit of a vulnerability in a demonstration web browser plugin.
Who Should Take This Class?
Anyone interested in or responsible for vulnerability and/or malware analysis on the Mac OS X platform.
What to bring:
- An Intel-based Mac OS X system
- Vmware Fusion (or equivalent) with Windows XP
- IDA Pro,
- Apple Developers Tools.
- Possibly BinNavi with GdbAgent, but not mandatory.
What you get:
Students will receive full printed materials for the course as well as the source code and exploits for all demonstrations and examples.
- Knowledge of C, Gdb and IDA Pro
- Suggested: knowledge of the basics of Vulnerability Research and an understanding of X86 assembly.
Vincenzo Iozzo is a student at the Politecnico di Milano where he does some research regarding malware and IDS. He is involved in a number of open source projects, including FreeBSD due to Google Summer of Code. He also works as a security consultant for Secure Network, an Italian company, and as a reverse engineer for Zynamics. Additionally he spoke in a number of security conferences including Black Hat, EuSecWest and DeepSec.
Dino Dai Zovi has been working in information security for over 9 years with experience in red teaming, penetration testing, and software security assessments at Sandia National Laboratories, @stake, and Matasano Security. Mr. Dai Zovi is also a regular speaker at information security conferences including presentations of his research on MacOS X security, hardware virtualization assisted rootkits using Intel VT-x, 802.11 wireless client security, and offensive security techniques at Black Hat USA, Microsoft Blue Hat, CanSecWest, the USENIX Workshop on Offensive Technology, and DEFCON. He is a co-author of "The Mac Hacker's Handbook" (Wiley 2008) and "The Art of Software Security Testing" (Addison-Wesley Professional 2006). He is perhaps best known in the information security and Mac communities for discovering the vulnerability and writing the exploit to win the first PWN2OWN contest at CanSecWest 2007.
Ends April 30
Ends Jun 15
Ends Jul 29