Date: 2019-02-22

The "3-Day Training: iOS 11/12 Userspace Exploitation Training" training has been added to ResearchAndMarkets.com's offering.

For years we have taught iOS Kernel Exploitation to a large crowd of students. However, more and more students have been asking for a similar course targeted at iOS Userspace Exploitation. Therefore, for 2019 we have finally added this course to our syllabus.

In this 3-day training, participants will take a deep dive into topics related to iOS 11/12 userspace-level exploitation. This starts with a short crash course in ARM64, followed by an introduction to the details of iOS userspace, from memory layout and its randomization, through sandboxing and IPC, to the attack surface of applications, daemons and browsers.

The following days will then concentrate on common vulnerabilities in these areas and how they are usually exploited. The course will also introduce the students to the heap implementations involved, so that they can fully understand the heap exploitation examples.

All hands-on exercises will be performed on iOS devices running iOS 11.x, which will be provided by the trainer for the duration of the course.

Key Learning Objectives

Understanding iOS exploitation on ARM64

Understanding the iOS sandboxing from userspace

Understanding userspace exploit mitigations

Common vulnerabilities in iOS applications and daemons and their exploitation

Understanding iOS userspace heap implementations

Basics of iOS browser exploitation

Prerequisite Knowledge

Basic knowledge of exploitation (preferably on an ARM platform)

Hardware/Software Requirements

MacBook with the latest macOS

Latest Xcode with support for iOS 11/12

IDA Pro 7.x or Hopper

(optionally) iOS device on iOS 11

Agenda

Time: 9.00am - 6.00pm

Day 1

ARM64 Architecture and Assembly for Userspace Exploitation

iOS Userspace Memory Layout

Dynamic Loading Frameworks, Libraries and ASLR

Understanding Applications, Daemons and Browsers

iOS Sandboxing and Inter Process Communication

Userspace Exploit Mitigations

Userspace Attack Surface

Day 2

Debugging on iOS

Working with or without Jailbreaks

iOS Userland Heap Implementation

Vulnerabilities and their Exploitation in Applications

Vulnerabilities and their Exploitation in Daemons

Day 3

ARMv8.3 Pointer Authentication

WebKit Heap Implementation

Exploitation of WebKit/JavaScriptCore based bugs

