Overview
This course covers the learning outcomes and goals of understanding the security features of OSX El Capitan, including System Integrity Protection (SIP) and its configurations. It teaches skills such as identifying system integrity restrictions, integrating user space protection, and exploiting vulnerabilities. The teaching method involves discussing protection mechanisms and demonstrating exploitation techniques. The intended audience for this course includes security professionals, system administrators, and individuals interested in macOS security.
Syllabus
Intro
System Integrity Protection (SIP)
System with and without SIP
System Integrity Restriction
System Integrity Protection Configuration Flags
System Integrity Protection User Space Integration
System Integrity Protection Sandbox Filters
Protection of restricted processes
Launch Daemon Protection
Boot Arguments that make exploitation easier
Triggering Kernel Debugger
Abuse of Entitlements via Kernel
Taught by
SyScan360