Topics

  • Introduction (starting with old devices)
    • How to handle a new Firmware
    • How to set up your Mac and Device for Vuln Research/Exploit Development
    • How to boot your own Kernels
    • How to patch your own Code into the Kernel
    • How to write Code for your iDevice
  • Low Level ARM / ARM64
    • Differences between ARM and ARM64
    • Exception Handling
    • Hardware Page Tables
    • Special Registers used by iOS
    • ...
  • iOS Kernel Source Code
    • Structure of the Kernel Source Code
    • Where to look for Vulnerabilities
    • Implementation of Mitigations
    • MAC Policy Hooks, Sandbox, Entitlements, Code Signing
    • ...
  • iOS Kernel Reversing
    • Structure of the Kernel Binary
    • Finding Important Structures
    • Porting Symbols
    • Closed Source Kernel Parts and How to analyze them
    • ...
  • iOS Kernel Debugging
    • Panic Dumps
    • Using the KDP Kernel Debugger
    • Extending the Kernel Debugger (KDP++)
    • Debugging with your own Patches
    • Kernel Heap Debugging/Visualization
  • iOS Kernel Heap
    • In-Depth Explanation of How the Kernel Heap works (including recent changes in iOS 7/7.1)
    • Different techniques to control the kernel heap layout
  • iOS Kernel Exploit Mitigations
    • Discussion of all the iOS Kernel Exploit Mitigations introduced
    • Discussion of various weaknesses in these protections
  • iOS Kernel Vulnerabilities and their Exploitation
    • Discussion of previous kernel vulnerabilities used in public jailbreaks
    • Introduction to kernel exploitation with a DEMO vulnerability
    • Exploitation of a real kernel vulnerability at iOS 7.0.4
  • iOS Kernel Jailbreaking
    • Discussion of all the Kernel Patches applied by iOS Jailbreaks
  • Handling of New Devices
    • Discussion of necessary steps to port exploits from old to new devices
  • iOS 7.1?
    • Because the release date of iOS 7.1 is unknown at the moment, it is not possible to predict what changes there might be in the kernel. However, all information known about the iOS 7.1 kernel by the time of the training will be incorporated into the material.
  • Persistence
    • The topic of persistence or untethering will be discussed, although kernel land is only partially involved
