Bad Things in Small Packages

Presented at Objective by the Sea version 2.0 (2019), June 2, 2019, 2:55 p.m. (30 minutes)

This talk will primarily focus on the work that went into discovering CVE-2019-8561. The vulnerability exists within PackageKit that could lead to privilege escalation, signature bypassing, and ultimately the bypassing of Apple's System Integrity Protection (SIP). This vulnerability was patched in macOS 10.14.4, but the details behind this exploit have not been documented anywhere prior to this conference!

Presenters:

• Jaron Bradley - Senior Research Developer at CrowdStrike
  Jaron started his career out of college as an incident responder for APT based intrusions. From there he went on to CrowdStrike where he’s done work in many different areas including intrusion analysis and detection engineering. He now continues to work at CrowdStrike on a small R&D team. A large portion of his time is spent investigating Mac based intrusions and detections as he prefers the platforms that are given little attention in the security industry. Jaron is the author of the book OS X Incident Response Scripting and Analysis. He loves these conferences because he lives in Michigan and sometimes forgets what warmth feels like.

Links:

• https://objectivebythesea.org/v2/talks.html#bradley
• https://objectivebythesea.org/v2/talks/OBTS_v2_Bradley.pdf

Similar Presentations:

• DEF CON 30 (2022) / Process injection: breaking all macOS security layers with a single vulnerability
• DEF CON 31 (2023) / Getting a Migraine - uncovering a unique SIP bypass on macOS
• DEF CON 23 (2015) / Stick That In Your (root)Pipe & Smoke It