Topics

  • Introduction (starting with old devices)
    • How to handle a new Firmware
    • How to set up your Mac and Device for Vuln Research/Exploit Development
    • How to boot own Kernels
    • How to patch own Code into the Kernel
    • How to write Code for your iDevice
  • Low Level ARM / ARM64
    • Differences between ARM and ARM64
    • Exception Handling
    • Hardware Page Tables
    • Special Registers used by iOS
    • ...
  • iOS Kernel Source Code
    • Structure of the Kernel Source Code
    • Where to look for Vulnerabilities
    • Implementation of Mitigations
    • MAC Policy Hooks, Sandbox, Entitlements, Code Signing
    • ...
  • iOS Kernel Reversing
    • Structure of the Kernel Binary
    • Finding Important Structures
    • Porting Symbols
    • Closed Source Kernel Parts and How to analyze them
    • ...
  • iOS Kernel Debugging
    • Panic Dumps
    • Using the KDP Kernel Debugger
    • Extending the Kernel Debugger (KDP++)
    • Debugging with own Patches
    • Kernel Heap Debugging/Visualization
  • iOS Kernel Heap
    • In-Depth Explanation of How the Kernel Heap works (including recent changes in iOS 7/7.1)
    • Different techniques to control the kernel heap layout
  • iOS Kernel Exploit Mitigations
    • Discussion of all the iOS Kernel Exploit Mitigations introduced
    • Discussion of various weaknesses in these protections
  • iOS Kernel Vulnerabilities and their Exploitation
    • Discussion of previous kernel vulnerabilities used in public jailbreaks
    • Introduction to kernel exploitation with a DEMO vulnerability
    • Exploitation of a real kernel vulnerability at iOS 7.0.4
  • iOS Kernel Jailbreaking
    • Discussion of all the Kernel Patches applied by iOS Jailbreaks
  • Handling of New Devices
    • Discussion of necessary steps to port exploits from old to new devices
  • iOS 7.1?
    • Because the release date of iOS 7.1 is unknown at the moment it is not possible to predict what changes there might be in the kernel. However we will incorporate all the information known about the iOS 7.1 kernel until the training into the material.
  • Persistence
    • The topic of persistence or untethering will be discussed although the kernel land is only partially involved

Topics的更多相关文章

  1. Windows Azure Service Bus Topics实现系统松散耦合

    前言 Windows Azure中的服务总线(Service Bus)提供了多种功能, 包括队列(Queue), 主题(Topic),中继(Relay),和通知中心(Notification Hub) ...

  2. RabbitMQ(五) -- topics

    RabbitMQ(五) -- topics `rabbitmq`中的`topic exchange`将路由键和某模式进行匹配,从而类似于正则匹配的方式去接收喜欢的信息. topic exchange ...

  3. Emiller's Advanced Topics In Nginx Module Development

    Emiller的Nginx模块开发指南 By Evan Miller DRAFT: August 13, 2009 (changes) 翻译:Kongch @2010年1月5日 0:04am -- 2 ...

  4. Problem of Creating Topics in Kafka with Kerberos

    Hi, After enabled Kerberos using Ambari, I got problem creating topics in Kafka using the kafka-topi ...

  5. ERROR:"org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = NoAuth for /config/topics/test" when creating or deleting Kafka operations authorized through the Ranger policies

    PROBLEM DESCRIPTION When creating or deleting topics in Kafka, they cannot be authorized through the ...

  6. ROS笔记 Topics

    http://wiki.ros.org/ROS/Tutorials/UnderstandingTopics rostopic rqt_graph rosmsg rqt_graph 一个用于查看topi ...

  7. rabbitMq交换机direct、topics

    一: direct 上面我用采用了广播的模式进行消息的发送,现在我们采用路由的方式对不同的消息进行过滤 发送端代码 public class RoutingSendDirect { private s ...

  8. jmeter向ActiveMQ发送消息_广播/订阅(Topics 队列)

    问题描述:测试中需要模拟大量设备的消息上报到平台,但是实际测试中没有那么多设备,所以采取用jmeter直接往ActiveMQ模拟发送设备消息 解决思路:获取平台采取的是Queues还是Topics : ...

  9. Consumer is not subscribed to any topics or assigned any partitions

    版本: scala:2.11.8 spark:2.11 hbase:1.2.0-cdh5.14.0 报错信息: java.lang.IllegalStateException: Consumer is ...

随机推荐

  1. Android有效的治疗方法Bitmap,减少内存

    Android有效的治疗方法Bitmap,减少内存 照片可能有不同的大小. 在很多情况下,大小.比如,我们的Camera应用,我们所拍的照片的大小远大于屏幕显示的大小 假如你的应用被限制了内存使用,显 ...

  2. hadoop排序组合键的使用情况

    于hadoop当处理复杂的业务,需要使用组合键,与单纯的复杂的继承Writable接口,但继承WritableComparable<T>接口.事实上.WritableComparable& ...

  3. 使用DPM(Deformable Part Model,voc-release3.1)算法INRIA通过训练你的身体检测模型数据集

    我的环境 DPM源代码版本号:voc-release3.1 VOC开发包版本号:VOC2007_devkit_08-Jun Matlab版本号:MatlabR2012b c++编译器:VS2010 系 ...

  4. WebBrowser!

    原文:WebBrowser! 我现在先放一些基础的文章在这里,以后再放别的上来官方范例连接http://www.microsoft.com/china/msdn/library/langtool/vc ...

  5. bootstrap-wysiwyg 结合 base64 解码 .net bbs 图片操作类

    using System; using System.Collections.Generic; using System.Linq; using System.Web; using System.Dr ...

  6. ASP.NET状态服务及session丢失问题解决方案总结

    原文:ASP.NET状态服务及session丢失问题解决方案总结[转载] asp.net Session的实现: asp.net的Session是基于HttpModule技术做的,HttpModule ...

  7. MyEclipse 设置全部jsp的编码为UFT-8 的方法

  8. 关于Installshield里一些常见问题的解答—艾泽拉斯之海洋女神出品

    原文:关于Installshield里一些常见问题的解答-艾泽拉斯之海洋女神出品 上一篇:一个完整的安装程序实例—艾泽拉斯之海洋女神出品(五) --补遗转载时请务必保留转载出处和由艾泽拉斯之海洋女神出 ...

  9. centos6的安装

      centos6的安装,一步一图,有图有真相     打开虚拟机VMware,点击文件,选择[新建虚拟机],如图所示

  10. openwrt的GPIO控制

    为什么有些GPIO可以在/sys/class/gpio中控制,而有些不行呢? 先来看一看普通不需要C程序而是使用脚本的控制方法(Linux普遍适用): First step is making GPI ...