For the last few years we have taught iOS and OS X/MacOS kernel security and exploitation to a wide variety of students. Techniques and vulnerabilities discussed in our training have been instrumental in the creation of several public jailbreaks between iOS 7 and iOS 10. And also several techniques used in the very latest public jailbreaks are covered in our trainings. Our previous trainees can also be seen reporting vulnerabilities to Apple these days and a few of them even work for them these days.
This course has been under constant development for years, because Apple keeps adding new security mitigations into the kernel or changes how security relevant implementations like the kernel heap work. For 2019 we will have reworked the material again to cover the latest security changes in iOS 12 and the successor of the iPhone 9/X.
We have also improved the software tools that we use during kernel security research.
This course is concentrating on introducing trainees to security features of the iOS kernel and internals like how the new iOS kernel heap works. We will enable trainees to understand up to date iOS kernel security topics and understand public exploits. However this version of the course will not teach exploitation itself.
During the training, we will make devices availiable on iOS 11 to perform the hands on tasks, because they can only be performed on devices with jailbreaks available.
Stefan Esser is best known in the security community as the PHP security guy. Since he became a PHP core developer in 2002 he devoted a lot of time to PHP and PHP application vulnerability research. However in his early days he released lots of advisories about vulnerabilities in software like CVS, Samba, OpenBSD or Internet Explorer. In 2003 he was the first to boot Linux directly from the hard disk of an unmodified XBOX through a buffer overflow in the XBOX font loader. In 2004 he founded the Hardened-PHP Project to develop a more secure version of PHP, known as Hardened-PHP, which evolved into the Suhosin PHP Security System in 2006. Since 2007 he works as head of research and development for the German web application company SektionEins GmbH that he co-founded. In 2010 he did his own ASLR implementation for Apple’s iOS and shifted his focus to the security of the iOS kernel and iPhones in general. Since then he has spoken about the topic of iOS security at various information security conferences around the globe. In 2012 he co-authored the book the iOS Hackers Handbook.