Topics

  • Introduction (starting with old devices)
    • How to handle a new Firmware
    • How to set up your Mac and Device for Vuln Research/Exploit Development
    • How to boot own Kernels
    • How to patch own Code into the Kernel
    • How to write Code for your iDevice
  • Low Level ARM / ARM64
    • Differences between ARM and ARM64
    • Exception Handling
    • Hardware Page Tables
    • Special Registers used by iOS
    • ...
  • iOS Kernel Source Code
    • Structure of the Kernel Source Code
    • Where to look for Vulnerabilities
    • Implementation of Mitigations
    • MAC Policy Hooks, Sandbox, Entitlements, Code Signing
    • ...
  • iOS Kernel Reversing
    • Structure of the Kernel Binary
    • Finding Important Structures
    • Porting Symbols
    • Closed Source Kernel Parts and How to analyze them
    • ...
  • iOS Kernel Debugging
    • Panic Dumps
    • Using the KDP Kernel Debugger
    • Extending the Kernel Debugger (KDP++)
    • Debugging with own Patches
    • Kernel Heap Debugging/Visualization
  • iOS Kernel Heap
    • In-Depth Explanation of How the Kernel Heap works (including recent changes in iOS 7/7.1)
    • Different techniques to control the kernel heap layout
  • iOS Kernel Exploit Mitigations
    • Discussion of all the iOS Kernel Exploit Mitigations introduced
    • Discussion of various weaknesses in these protections
  • iOS Kernel Vulnerabilities and their Exploitation
    • Discussion of previous kernel vulnerabilities used in public jailbreaks
    • Introduction to kernel exploitation with a DEMO vulnerability
    • Exploitation of a real kernel vulnerability at iOS 7.0.4
  • iOS Kernel Jailbreaking
    • Discussion of all the Kernel Patches applied by iOS Jailbreaks
  • Handling of New Devices
    • Discussion of necessary steps to port exploits from old to new devices
  • iOS 7.1?
    • Because the release date of iOS 7.1 is unknown at the moment it is not possible to predict what changes there might be in the kernel. However we will incorporate all the information known about the iOS 7.1 kernel until the training into the material.
  • Persistence
    • The topic of persistence or untethering will be discussed although the kernel land is only partially involved

Topics的更多相关文章

  1. Windows Azure Service Bus Topics实现系统松散耦合

    前言 Windows Azure中的服务总线(Service Bus)提供了多种功能, 包括队列(Queue), 主题(Topic),中继(Relay),和通知中心(Notification Hub) ...

  2. RabbitMQ(五) -- topics

    RabbitMQ(五) -- topics `rabbitmq`中的`topic exchange`将路由键和某模式进行匹配,从而类似于正则匹配的方式去接收喜欢的信息. topic exchange ...

  3. Emiller's Advanced Topics In Nginx Module Development

    Emiller的Nginx模块开发指南 By Evan Miller DRAFT: August 13, 2009 (changes) 翻译:Kongch @2010年1月5日 0:04am -- 2 ...

  4. Problem of Creating Topics in Kafka with Kerberos

    Hi, After enabled Kerberos using Ambari, I got problem creating topics in Kafka using the kafka-topi ...

  5. ERROR:"org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = NoAuth for /config/topics/test" when creating or deleting Kafka operations authorized through the Ranger policies

    PROBLEM DESCRIPTION When creating or deleting topics in Kafka, they cannot be authorized through the ...

  6. ROS笔记 Topics

    http://wiki.ros.org/ROS/Tutorials/UnderstandingTopics rostopic rqt_graph rosmsg rqt_graph 一个用于查看topi ...

  7. rabbitMq交换机direct、topics

    一: direct 上面我用采用了广播的模式进行消息的发送,现在我们采用路由的方式对不同的消息进行过滤 发送端代码 public class RoutingSendDirect { private s ...

  8. jmeter向ActiveMQ发送消息_广播/订阅(Topics 队列)

    问题描述:测试中需要模拟大量设备的消息上报到平台,但是实际测试中没有那么多设备,所以采取用jmeter直接往ActiveMQ模拟发送设备消息 解决思路:获取平台采取的是Queues还是Topics : ...

  9. Consumer is not subscribed to any topics or assigned any partitions

    版本: scala:2.11.8 spark:2.11 hbase:1.2.0-cdh5.14.0 报错信息: java.lang.IllegalStateException: Consumer is ...

随机推荐

  1. Cloudera CDH 5集群搭建(yum 方式)

    1      集群环境 主节点 master001 ~~ master006 从节点 slave001 ~~ slave064 2      安装CDH5的YUM源 rpm -Uvhhttp://ar ...

  2. android如何在代码中设置margin

    1.首先看你要设置组件的父容器是什么. 例如,我是FrameLayout其中包括组件.如果调用bottomLayout这是: FrameLayout.LayoutParams lp = new Fra ...

  3. redis修改的源代码zincrby,hincrby命令

    在项目中大量使用zincrby命令.究其原因是统计一些统计指标的日志值,和需要返回到顺序topn. 通常情况下,.调用一次的指示器zincrby(zincrby default:type 1 type ...

  4. likely()与unlikely()

    he gcc C compiler has a built-in directive that optimizes conditional branches as either very likely ...

  5. Linux内核源代码情景分析-中断半

    一.中断初始化 1.中断向量表IDT初始化 void __init init_IRQ(void) { int i; #ifndef CONFIG_X86_VISWS_APIC init_ISA_irq ...

  6. Spring之使用Annotation注解开发项目

    我们也可以使用Annotation来实现注入操作,提高我们写代码的灵活性和效率.spring中要使用annotation,需要在配置文件中增加: <beans xmlns="http: ...

  7. JavaScript插件化开发

    大熊君JavaScript插件化开发 一,开篇分析 Hi,大家好!大熊君又和大家见面了,还记得昨天的那篇文章吗------这个系列的开篇(第一季).主要讲述了以“jQuery的方式如何开发插件”, 那 ...

  8. javascript and dom1

    <script type="text/javascript"> //数组 var beatles=Array(4); var beatles=Array(); cons ...

  9. ie6、ie7真的不支持inline-block吗?

    本来今天想出JavaScript继承的博文的,由于也才刚学习不久,以及工作比较忙,所以暂推两天写JavaScript的继承,喜欢的童鞋们关注我的博客哟! okay,言归正传.之前在接触前端的时候,处理 ...

  10. CSS背景图片定位

    原文:CSS背景图片定位 在网页开发中我们经常需要对图片进行分割(如下图)来使用,而不是分别提供单独的图片来调用,常见的如页面背景,按钮图标等,这样做的好处就是减少请求次数,节省时间和带宽. 对背景图 ...