Topics

  • Introduction (starting with old devices)
    • How to handle a new Firmware
    • How to set up your Mac and Device for Vuln Research/Exploit Development
    • How to boot own Kernels
    • How to patch own Code into the Kernel
    • How to write Code for your iDevice
  • Low Level ARM / ARM64
    • Differences between ARM and ARM64
    • Exception Handling
    • Hardware Page Tables
    • Special Registers used by iOS
    • ...
  • iOS Kernel Source Code
    • Structure of the Kernel Source Code
    • Where to look for Vulnerabilities
    • Implementation of Mitigations
    • MAC Policy Hooks, Sandbox, Entitlements, Code Signing
    • ...
  • iOS Kernel Reversing
    • Structure of the Kernel Binary
    • Finding Important Structures
    • Porting Symbols
    • Closed Source Kernel Parts and How to analyze them
    • ...
  • iOS Kernel Debugging
    • Panic Dumps
    • Using the KDP Kernel Debugger
    • Extending the Kernel Debugger (KDP++)
    • Debugging with own Patches
    • Kernel Heap Debugging/Visualization
  • iOS Kernel Heap
    • In-Depth Explanation of How the Kernel Heap works (including recent changes in iOS 7/7.1)
    • Different techniques to control the kernel heap layout
  • iOS Kernel Exploit Mitigations
    • Discussion of all the iOS Kernel Exploit Mitigations introduced
    • Discussion of various weaknesses in these protections
  • iOS Kernel Vulnerabilities and their Exploitation
    • Discussion of previous kernel vulnerabilities used in public jailbreaks
    • Introduction to kernel exploitation with a DEMO vulnerability
    • Exploitation of a real kernel vulnerability at iOS 7.0.4
  • iOS Kernel Jailbreaking
    • Discussion of all the Kernel Patches applied by iOS Jailbreaks
  • Handling of New Devices
    • Discussion of necessary steps to port exploits from old to new devices
  • iOS 7.1?
    • Because the release date of iOS 7.1 is unknown at the moment it is not possible to predict what changes there might be in the kernel. However we will incorporate all the information known about the iOS 7.1 kernel until the training into the material.
  • Persistence
    • The topic of persistence or untethering will be discussed although the kernel land is only partially involved

Topics的更多相关文章

  1. Windows Azure Service Bus Topics实现系统松散耦合

    前言 Windows Azure中的服务总线(Service Bus)提供了多种功能, 包括队列(Queue), 主题(Topic),中继(Relay),和通知中心(Notification Hub) ...

  2. RabbitMQ(五) -- topics

    RabbitMQ(五) -- topics `rabbitmq`中的`topic exchange`将路由键和某模式进行匹配,从而类似于正则匹配的方式去接收喜欢的信息. topic exchange ...

  3. Emiller's Advanced Topics In Nginx Module Development

    Emiller的Nginx模块开发指南 By Evan Miller DRAFT: August 13, 2009 (changes) 翻译:Kongch @2010年1月5日 0:04am -- 2 ...

  4. Problem of Creating Topics in Kafka with Kerberos

    Hi, After enabled Kerberos using Ambari, I got problem creating topics in Kafka using the kafka-topi ...

  5. ERROR:"org.apache.zookeeper.KeeperException$NoAuthException: KeeperErrorCode = NoAuth for /config/topics/test" when creating or deleting Kafka operations authorized through the Ranger policies

    PROBLEM DESCRIPTION When creating or deleting topics in Kafka, they cannot be authorized through the ...

  6. ROS笔记 Topics

    http://wiki.ros.org/ROS/Tutorials/UnderstandingTopics rostopic rqt_graph rosmsg rqt_graph 一个用于查看topi ...

  7. rabbitMq交换机direct、topics

    一: direct 上面我用采用了广播的模式进行消息的发送,现在我们采用路由的方式对不同的消息进行过滤 发送端代码 public class RoutingSendDirect { private s ...

  8. jmeter向ActiveMQ发送消息_广播/订阅(Topics 队列)

    问题描述:测试中需要模拟大量设备的消息上报到平台,但是实际测试中没有那么多设备,所以采取用jmeter直接往ActiveMQ模拟发送设备消息 解决思路:获取平台采取的是Queues还是Topics : ...

  9. Consumer is not subscribed to any topics or assigned any partitions

    版本: scala:2.11.8 spark:2.11 hbase:1.2.0-cdh5.14.0 报错信息: java.lang.IllegalStateException: Consumer is ...

随机推荐

  1. 【Swift初见】Swift词典

    顾名思义.当我们仰望的时候,我们将基于索引查找我们需要找到的资源.在swift这同样适用,每个对象包括字典key和value.我们key为了找到当前这个key相应的value.与数组不同的是,字典项字 ...

  2. Oracle免费的便捷Web应用开发框架

    Oracle免费的便捷Web应用开发框架 APEX 总体来说,APEX是我见过最便捷最高效的开发框架,用起来比PHP还舒服.上手简单,学习成本极低,曾经有个做行政的小女生,在我指导下两天就可以开发出简 ...

  3. 华为机试 之 joseph环

    一:首先科普一下约瑟夫问题的数学方法 (1)  不管是用list实现还是用vector实现都有一个共同点:要模拟整个游戏过程,不仅程序写起来比較烦,并且时间复杂度高达O(nm),当n,m很大(比如上百 ...

  4. 怎么会Sql serverW数据库模型图转化成ord于--您还可以查看属性信息字段

    1. 于Sql server数据库,创建数据库模型图 -- Database Diagrams watermark/2/text/aHR0cDovL2Jsb2cuY3Nkbi5uZXQvamN4NTA ...

  5. Android:仿手机QQ朋友动态ListView

    1.介绍: 使用此博客XListView模仿Android版本QQ朋友动态ListView效果.效果如下面的截图: watermark/2/text/aHR0cDovL2Jsb2cuY3Nkbi5uZ ...

  6. easyui dataBox 增加一天,减少一天

    <table> <tr> <td><a href="javascript:void(0)" class="easyui-link ...

  7. IOS开发-Swift新语言初见

    Safe Swift pairs increased type safety with type inference, restricts direct access to pointers, and ...

  8. 小结css2与css3的区别

    CSS3引进了一些新的元素新的特性,我收集以下,自己做了一个小结: animation(基础动画)eg:  div{animation: myfirst 5s linear 2s infinite a ...

  9. 第4章3节《MonkeyRunner源码剖析》ADB协议及服务: ADB协议概览SYNC.TXT翻译参考(原创)

    天地会珠海分舵注:本来这一系列是准备出一本书的,详情请见早前博文“寻求合作伙伴编写<深入理解 MonkeyRunner>书籍“.但因为诸多原因,没有如愿.所以这里把草稿分享出来,所以错误在 ...

  10. 生产环境使用Nginx+uwsgi部署Django

    在本地运行django应用相对来说还是挺方便的,使用自带的runserver启动即可.如果在生产环境部署django,就要多考虑一些问题了.比如静态文件处理,安全,效率等等 在网上找到了不错的部署的教 ...