XNU Spelunking or Fuzzing the kernel inside your kernel

Presented at REcon 2013, June 22, 2013, 4 p.m. (60 minutes)

XNU, the OS X kernel, is made up of a somewhat unholy marriage of the monolithic BSD kernel and the CMU Mach microkernel. Because of this marriage, in addition to BSD syscalls, XNU provides additional system calls and a large IPC interface for userland processes to interact with the underlying Mach subsystem. The presence of these IPC interfaces significantly increases the attack surface exposed by the kernel to userland processes beyond the traditional BSD system calls alone. This talk will explore these interfaces and detail the processes devised and lessons learned from building fuzzers for bug hunting in Mach territory.

Presenters:

  • Jesse D'Aguanno / x30n
    Jesse D'Aguanno is the founder and Director of Research for Blackwing Intelligence, a boutique information security firm located in the NYC area. He has been hacking for over 16 years and has been an active contributor to the security research community for at least the last 13. His current research interests are primarily focused on offensive techniques, including vulnerability discovery, exploit development, anti-forensics and advanced persistence techniques (rootkit development). Jesse is a regular speaker at industry conferences including REcon, Black Hat and Defcon. His published research has included techniques for subverting software from major vendors, including Blackberry, Apple and numerous others. His research has been featured in major media worldwide. Jesse is also a co-founder and captain of Digital Revelation, a hacker think tank most widely known for taking first place in the Defcon CTF competition two years in a row (and one of the first black badge holders).
