WhiskeyCon 2017 - 5 Minutes of MacOS/iOS Zone Allocator Fun
•
2 likes•2,286 views
This document discusses bugs in the iOS zone allocator between iOS versions 9.0 and 9.1. Specifically, it notes that: 1) Between iOS 9.0 and 9.1, the zone allocator had a bug where it moved metadata to the beginning of pages, leaving the first block unused and only fitting 62 elements per page instead of the expected 63. 2) This was due to a bug in the zcram() function that checked if elements would fit using "<" instead of "<=", possibly excluding the last element. 3) The bug was fixed in iOS 9.2 by refactoring zcram() to randomize freelist order, allowing the expected 63 elements to
Report
Share
Report
Share
Download to read offline
Recommended
CanSecWest 2017 - Port(al) to the iOS Core
This document discusses a new iOS kernel exploitation technique that involves manipulating mach ports. It fills the kernel heap with pointers to mach ports, then overwrites those pointers to fake ports that point to attacker-controlled data structures. This allows calling kernel APIs and the Mach API using the fake ports to potentially execute arbitrary code or escalate privileges. The technique was previously private but was leaked in late 2016 and used in the Yalu jailbreak.
SyScan Singapore 2010 - Returning Into The PHP-Interpreter
The document discusses returning into the PHP interpreter through memory corruption exploits, focusing on exploiting a 0-day vulnerability in PHP's unserialize() function. It explains how unserialize() builds a variable table during deserialization to support references, and demonstrates how corrupting this process could allow returning into the PHP interpreter and gaining remote code execution. Potential attack vectors for returning into PHP functions, the bytecode executor, and zend_eval_string() are also outlined.
Find your own iOS kernel bug
The document discusses finding and analyzing iOS kernel bugs through fuzzing techniques. It begins by providing background on the iOS kernel structure based on XNU and OSX. It then summarizes two known iOS kernel bugs from the past that involved integer overflows and type conversions. The document goes on to describe passive and active fuzzing approaches that can be used to find new bugs, including hooking kernel functions to fuzz parameters. It also provides tips on reversing iOS kernel extensions and debugging the kernel. Finally, it analyzes examples of bugs found through fuzzing and how to understand the crash causes and trigger paths through static analysis and debugging.
Csw2016 economou nissim-getting_physical
This document discusses techniques for abusing the Intel paging mechanism on Windows to achieve arbitrary write capabilities despite modern kernel protections. It describes how the HAL's heap can be accessed from user mode by modifying page table entries, allowing kernel pointers to be leaked. It also explains how spraying process memory with fake page directories can cause physical memory exhaustion and potentially lead to arbitrary writes if a sprayed page is mapped. Live demos are promised for Windows and Linux attacks.
CSW2017Richard Johnson_harnessing intel processor trace on windows for vulner...
This document discusses using Intel Processor Trace (Intel PT) for hardware-based tracing on Windows. It provides an overview of Intel PT capabilities and how it can be used for fuzzing and vulnerability discovery. Specifically, it describes the development of WinAFL IntelPT, which integrates Intel PT tracing with the WinAFL evolutionary fuzzer to enable high-performance, hardware-driven fuzzing on Windows.
Red Hat Forum Tokyo - OpenStack Architecture
This was presented at the Red Hat Forum in Tokyo, November 2012. It's a basic getting started with OpenStack using RDO. It's the same as the OpenStack meetups presentation from November 2012
KubeCon EU 2016: What is OpenStack's role in a Kubernetes world?
OpenStack is a global open collaboration to produce an open source infrastructure stack. Since its creation 5 years ago, it moved from an open source compute / object storage IaaS solution to about 30 projects providing programmable infrastructure building blocks. How does this project fit in a container-driven future ? How complementary is it with Kubernetes ? In this talk, Thierry Carrez will detail the long-term vision for OpenStack: infrastructure for a programmable infrastructure world and an integration engine for future infrastructure technologies.
Sched Link: http://sched.co/6BYC
NSC #2 - D2 01 - Andrea Allievi - Windows 8.1 Patch Protections
This document discusses defeating Windows 8.1's Kernel Patch Protection. It begins with introductions and definitions. It then explains how Patchguard and driver signing enforcement work in Windows 8.1, providing more protection than previous versions. The implementation of Kernel Patch Protection is described, including how it initializes, verifies the kernel, and crashes the system if modifications are detected. Previous methods of attacking Patchguard are reviewed, noting they have all been defeated in the latest version. The document aims to provide information to understand and potentially find new ways of attacking Patchguard.
Recommended
CanSecWest 2017 - Port(al) to the iOS Core
This document discusses a new iOS kernel exploitation technique that involves manipulating mach ports. It fills the kernel heap with pointers to mach ports, then overwrites those pointers to fake ports that point to attacker-controlled data structures. This allows calling kernel APIs and the Mach API using the fake ports to potentially execute arbitrary code or escalate privileges. The technique was previously private but was leaked in late 2016 and used in the Yalu jailbreak.
SyScan Singapore 2010 - Returning Into The PHP-Interpreter
The document discusses returning into the PHP interpreter through memory corruption exploits, focusing on exploiting a 0-day vulnerability in PHP's unserialize() function. It explains how unserialize() builds a variable table during deserialization to support references, and demonstrates how corrupting this process could allow returning into the PHP interpreter and gaining remote code execution. Potential attack vectors for returning into PHP functions, the bytecode executor, and zend_eval_string() are also outlined.
Find your own iOS kernel bug
The document discusses finding and analyzing iOS kernel bugs through fuzzing techniques. It begins by providing background on the iOS kernel structure based on XNU and OSX. It then summarizes two known iOS kernel bugs from the past that involved integer overflows and type conversions. The document goes on to describe passive and active fuzzing approaches that can be used to find new bugs, including hooking kernel functions to fuzz parameters. It also provides tips on reversing iOS kernel extensions and debugging the kernel. Finally, it analyzes examples of bugs found through fuzzing and how to understand the crash causes and trigger paths through static analysis and debugging.
Csw2016 economou nissim-getting_physical
This document discusses techniques for abusing the Intel paging mechanism on Windows to achieve arbitrary write capabilities despite modern kernel protections. It describes how the HAL's heap can be accessed from user mode by modifying page table entries, allowing kernel pointers to be leaked. It also explains how spraying process memory with fake page directories can cause physical memory exhaustion and potentially lead to arbitrary writes if a sprayed page is mapped. Live demos are promised for Windows and Linux attacks.
CSW2017Richard Johnson_harnessing intel processor trace on windows for vulner...
This document discusses using Intel Processor Trace (Intel PT) for hardware-based tracing on Windows. It provides an overview of Intel PT capabilities and how it can be used for fuzzing and vulnerability discovery. Specifically, it describes the development of WinAFL IntelPT, which integrates Intel PT tracing with the WinAFL evolutionary fuzzer to enable high-performance, hardware-driven fuzzing on Windows.
Red Hat Forum Tokyo - OpenStack Architecture
This was presented at the Red Hat Forum in Tokyo, November 2012. It's a basic getting started with OpenStack using RDO. It's the same as the OpenStack meetups presentation from November 2012
KubeCon EU 2016: What is OpenStack's role in a Kubernetes world?
OpenStack is a global open collaboration to produce an open source infrastructure stack. Since its creation 5 years ago, it moved from an open source compute / object storage IaaS solution to about 30 projects providing programmable infrastructure building blocks. How does this project fit in a container-driven future ? How complementary is it with Kubernetes ? In this talk, Thierry Carrez will detail the long-term vision for OpenStack: infrastructure for a programmable infrastructure world and an integration engine for future infrastructure technologies.
Sched Link: http://sched.co/6BYC
NSC #2 - D2 01 - Andrea Allievi - Windows 8.1 Patch Protections
This document discusses defeating Windows 8.1's Kernel Patch Protection. It begins with introductions and definitions. It then explains how Patchguard and driver signing enforcement work in Windows 8.1, providing more protection than previous versions. The implementation of Kernel Patch Protection is described, including how it initializes, verifies the kernel, and crashes the system if modifications are detected. Previous methods of attacking Patchguard are reviewed, noting they have all been defeated in the latest version. The document aims to provide information to understand and potentially find new ways of attacking Patchguard.
SyScan360 - Stefan Esser - OS X El Capitan sinking the S\H/IP
With the release of OS X El Capitan Apple has introduced a new protection to the OS X kernel called System Integrity Protection (SIP). The purpose of this new mitigation is to lock down the system from attackers who have already gained root access.
In the first part of this session we will elaborate what exactly SIP tries to protect against and how its features are implemented and integrated into the kernel. In the second part of this presentation we will then dive into obvious shortcomings of this implementation and discuss design weaknesses and actual bugs that allow to bypass it. All weaknesses will be demoed to the audience.
SyScan 2015 Bonus Slides - death of the vmsize=0 dyld trick
During my talk at SyScan 2015 i promised to disclose among all the fail of Apple how their patches for "Patient ALPHA" actually killed a previously unknown 0-day incomplete code signing vulnerability that was just waiting to be used in the next jailbreak.
SyScan 2015 - iOS 678 Security - A Study in Fail
Talk from SyScan 2015 about Apple Security failing to patch vulnerabilities over and over again, because they have apparently no QA at all on security patches.
Ruxcon 2014 - Stefan Esser - iOS8 Containers, Sandboxes and Entitlements
iOS 8 specific security talk given at Ruxcon 2014 security conference. Includes description of kernel vulnerability used to break KASLR in Pangu 7.1 + TAIG 8.1.1 jailbreaks.
CanSecWest 2013 - iOS 6 Exploitation 280 Days Later
With the release of iOS6 Apple has cracked down on all published iOS exploitation information. It seems that nearly every trick and technique discussed in talks/papers or books of the last years has been taken care of by Apple in order to stop exploitation for jailbreaking or more malicious purposes.
This talk will tie in with the iOS6 Security talk by Azimuth Security that discussed various kernel hardenings performed by Apple, and discuss further security relevant changes in iOS 6.1 kernel affecting kernel exploitation and user space exploitation.
SyScan Singapore 2011 - Stefan Esser - Targeting the iOS Kernel
Targeting the iOS Kernel
Although the iPhone user land is locked down very tightly, previous talks about iPhone security have concentrated on user land attacks only. Therefore demonstrated exploit payloads have been very limited in what they can do or cannot do. More complicated work like user land rootkits or the addition of ASLR protection therefore relied entirely on kernel exploitation help from the jailbreaking community.
This presentation will introduce the audience into finding security bugs in iOS kernelspace and how this is different from hunting kernel bugs in Mac OS X. Reverse engineering will be used to extract a lot of information from the kernelcache and then this information is used to enumerate the kernel's attack surface and the corresponding code is located. In addition to that the secrets of activating the iOS internal kernel debugger will be revealed and it will be demonstrated by debugging a previous disclosed iOS kernel exploit.
BlackHat USA 2011 - Stefan Esser - iOS Kernel Exploitation
Exploiting the iOS Kernel
The iPhone user land is locked down very tightly by kernel level protections. Therefore any sophisticated attack has to include a kernel exploit in order to completely compromise the device. Because of this our previous session titled "Targeting the iOS Kernel" already discussed how to reverse the iOS kernel in order to find kernel security vulnerabilities. Exploitation of iOS kernel vulnerabilities has not been discussed yet.
This session will introduce the audience to kernel level exploitation of iPhones. With the help of previously disclosed kernel vulnerabilities the exploitation of uninitialized kernel variables, kernel stack buffer overflows, out of bound writes and kernel heap buffer overflows will be discussed.
Furthermore the kernel patches applied by iPhone jailbreaks will be discussed in order to understand how certain security features are deactivated. A tool will be released that allows to selectively de-activate some of these kernel patches for more realistic exploit tests.
TrustArc Webinar - 2024 Global Privacy Survey
How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024?
In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores.
See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe.
This webinar will review:
- The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey
- The top challenges for privacy leaders, practitioners, and organizations in 2024
- Key themes to consider in developing and maintaining your privacy program
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
The typical problem in product engineering is not bad strategy, so much as “no strategy”. This leads to confusion, lack of motivation, and incoherent action. The next time you look for a strategy and find an empty space, instead of waiting for it to be filled, I will show you how to fill it in yourself. If you’re wrong, it forces a correction. If you’re right, it helps create focus. I’ll share how I’ve approached this in the past, both what works and lessons for what didn’t work so well.
Building Production Ready Search Pipelines with Spark and Milvus
Spark is the widely used ETL tool for processing, indexing and ingesting data to serving stack for search. Milvus is the production-ready open-source vector database. In this talk we will show how to use Spark to process unstructured data to extract vector representations, and push the vectors to Milvus vector database for search serving.
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Inconsistent user experience and siloed data, high costs, and changing customer expectations – Citizens Bank was experiencing these challenges while it was attempting to deliver a superior digital banking experience for its clients. Its core banking applications run on the mainframe and Citizens was using legacy utilities to get the critical mainframe data to feed customer-facing channels, like call centers, web, and mobile. Ultimately, this led to higher operating costs (MIPS), delayed response times, and longer time to market.
Ever-changing customer expectations demand more modern digital experiences, and the bank needed to find a solution that could provide real-time data to its customer channels with low latency and operating costs. Join this session to learn how Citizens is leveraging Precisely to replicate mainframe data to its customer channels and deliver on their “modern digital bank” experiences.
FREE A4 Cyber Security Awareness Posters-Social Engineering part 3
Free A4 downloadable and printable Cyber Security, Social Engineering Safety and security Training Posters . Promote security awareness in the home or workplace. Lock them Out From training providers datahops.com
"Choosing proper type of scaling", Olena Syrota
Imagine an IoT processing system that is already quite mature and production-ready and for which client coverage is growing and scaling and performance aspects are life and death questions. The system has Redis, MongoDB, and stream processing based on ksqldb. In this talk, firstly, we will analyze scaling approaches and then select the proper ones for our system.
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift
Overview
Dive into the world of anomaly detection on edge devices with our comprehensive hands-on tutorial. This SlideShare presentation will guide you through the entire process, from data collection and model training to edge deployment and real-time monitoring. Perfect for those looking to implement robust anomaly detection systems on resource-constrained IoT/edge devices.
Key Topics Covered
1. Introduction to Anomaly Detection
- Understand the fundamentals of anomaly detection and its importance in identifying unusual behavior or failures in systems.
2. Understanding Edge (IoT)
- Learn about edge computing and IoT, and how they enable real-time data processing and decision-making at the source.
3. What is ArgoCD?
- Discover ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes, and its role in deploying applications on edge devices.
4. Deployment Using ArgoCD for Edge Devices
- Step-by-step guide on deploying anomaly detection models on edge devices using ArgoCD.
5. Introduction to Apache Kafka and S3
- Explore Apache Kafka for real-time data streaming and Amazon S3 for scalable storage solutions.
6. Viewing Kafka Messages in the Data Lake
- Learn how to view and analyze Kafka messages stored in a data lake for better insights.
7. What is Prometheus?
- Get to know Prometheus, an open-source monitoring and alerting toolkit, and its application in monitoring edge devices.
8. Monitoring Application Metrics with Prometheus
- Detailed instructions on setting up Prometheus to monitor the performance and health of your anomaly detection system.
9. What is Camel K?
- Introduction to Camel K, a lightweight integration framework built on Apache Camel, designed for Kubernetes.
10. Configuring Camel K Integrations for Data Pipelines
- Learn how to configure Camel K for seamless data pipeline integrations in your anomaly detection workflow.
11. What is a Jupyter Notebook?
- Overview of Jupyter Notebooks, an open-source web application for creating and sharing documents with live code, equations, visualizations, and narrative text.
12. Jupyter Notebooks with Code Examples
- Hands-on examples and code snippets in Jupyter Notebooks to help you implement and test anomaly detection models.
Taking AI to the Next Level in Manufacturing.pdf
Read Taking AI to the Next Level in Manufacturing to gain insights on AI adoption in the manufacturing industry, such as:
1. How quickly AI is being implemented in manufacturing.
2. Which barriers stand in the way of AI adoption.
3. How data quality and governance form the backbone of AI.
4. Organizational processes and structures that may inhibit effective AI adoption.
6. Ideas and approaches to help build your organization's AI strategy.
What is an RPA CoE? Session 1 – CoE Vision
In the first session, we will review the organization's vision and how this has an impact on the COE Structure.
Topics covered:
• The role of a steering committee
• How do the organization’s priorities determine CoE Structure?
Speaker:
Chris Bolin, Senior Intelligent Automation Architect Anika Systems
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Join us to learn how UiPath Apps can directly and easily interact with prebuilt connectors via Integration Service--including Salesforce, ServiceNow, Open GenAI, and more.
The best part is you can achieve this without building a custom workflow! Say goodbye to the hassle of using separate automations to call APIs. By seamlessly integrating within App Studio, you can now easily streamline your workflow, while gaining direct access to our Connector Catalog of popular applications.
We’ll discuss and demo the benefits of UiPath Apps and connectors including:
Creating a compelling user experience for any software, without the limitations of APIs.
Accelerating the app creation process, saving time and effort
Enjoying high-performance CRUD (create, read, update, delete) operations, for
seamless data management.
Speakers:
Russell Alfeche, Technology Leader, RPA at qBotic and UiPath MVP
Charlie Greenberg, host
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...Edge AI and Vision Alliance
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/temporal-event-neural-networks-a-more-efficient-alternative-to-the-transformer-a-presentation-from-brainchip/
Chris Jones, Director of Product Management at BrainChip , presents the “Temporal Event Neural Networks: A More Efficient Alternative to the Transformer” tutorial at the May 2024 Embedded Vision Summit.
The expansion of AI services necessitates enhanced computational capabilities on edge devices. Temporal Event Neural Networks (TENNs), developed by BrainChip, represent a novel and highly efficient state-space network. TENNs demonstrate exceptional proficiency in handling multi-dimensional streaming data, facilitating advancements in object detection, action recognition, speech enhancement and language model/sequence generation. Through the utilization of polynomial-based continuous convolutions, TENNs streamline models, expedite training processes and significantly diminish memory requirements, achieving notable reductions of up to 50x in parameters and 5,000x in energy consumption compared to prevailing methodologies like transformers.
Integration with BrainChip’s Akida neuromorphic hardware IP further enhances TENNs’ capabilities, enabling the realization of highly capable, portable and passively cooled edge devices. This presentation delves into the technical innovations underlying TENNs, presents real-world benchmarks, and elucidates how this cutting-edge approach is positioned to revolutionize edge AI across diverse applications.Main news related to the CCS TSI 2023 (2023/1695)
An English 🇬🇧 translation of a presentation to the speech I gave about the main changes brought by CCS TSI 2023 at the biggest Czech conference on Communications and signalling systems on Railways, which was held in Clarion Hotel Olomouc from 7th to 9th November 2023 (konferenceszt.cz). Attended by around 500 participants and 200 on-line followers.
The original Czech 🇨🇿 version of the presentation can be found here: https://www.slideshare.net/slideshow/hlavni-novinky-souvisejici-s-ccs-tsi-2023-2023-1695/269688092 .
The videorecording (in Czech) from the presentation is available here: https://youtu.be/WzjJWm4IyPk?si=SImb06tuXGb30BEH .
Introduction of Cybersecurity with OSS at Code Europe 2024
I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems.
The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS.
Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application.
I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.
Choosing The Best AWS Service For Your Website + API.pptx
Have you ever been confused by the myriad of choices offered by AWS for hosting a website or an API?
Lambda, Elastic Beanstalk, Lightsail, Amplify, S3 (and more!) can each host websites + APIs. But which one should we choose?
Which one is cheapest? Which one is fastest? Which one will scale to meet our needs?
Join me in this session as we dive into each AWS hosting service to determine which one is best for your scenario and explain why!
More Related Content
More from Stefan Esser
SyScan360 - Stefan Esser - OS X El Capitan sinking the S\H/IP
With the release of OS X El Capitan Apple has introduced a new protection to the OS X kernel called System Integrity Protection (SIP). The purpose of this new mitigation is to lock down the system from attackers who have already gained root access.
In the first part of this session we will elaborate what exactly SIP tries to protect against and how its features are implemented and integrated into the kernel. In the second part of this presentation we will then dive into obvious shortcomings of this implementation and discuss design weaknesses and actual bugs that allow to bypass it. All weaknesses will be demoed to the audience.
SyScan 2015 Bonus Slides - death of the vmsize=0 dyld trick
During my talk at SyScan 2015 i promised to disclose among all the fail of Apple how their patches for "Patient ALPHA" actually killed a previously unknown 0-day incomplete code signing vulnerability that was just waiting to be used in the next jailbreak.
SyScan 2015 - iOS 678 Security - A Study in Fail
Talk from SyScan 2015 about Apple Security failing to patch vulnerabilities over and over again, because they have apparently no QA at all on security patches.
Ruxcon 2014 - Stefan Esser - iOS8 Containers, Sandboxes and Entitlements
iOS 8 specific security talk given at Ruxcon 2014 security conference. Includes description of kernel vulnerability used to break KASLR in Pangu 7.1 + TAIG 8.1.1 jailbreaks.
CanSecWest 2013 - iOS 6 Exploitation 280 Days Later
With the release of iOS6 Apple has cracked down on all published iOS exploitation information. It seems that nearly every trick and technique discussed in talks/papers or books of the last years has been taken care of by Apple in order to stop exploitation for jailbreaking or more malicious purposes.
This talk will tie in with the iOS6 Security talk by Azimuth Security that discussed various kernel hardenings performed by Apple, and discuss further security relevant changes in iOS 6.1 kernel affecting kernel exploitation and user space exploitation.
SyScan Singapore 2011 - Stefan Esser - Targeting the iOS Kernel
Targeting the iOS Kernel
Although the iPhone user land is locked down very tightly, previous talks about iPhone security have concentrated on user land attacks only. Therefore demonstrated exploit payloads have been very limited in what they can do or cannot do. More complicated work like user land rootkits or the addition of ASLR protection therefore relied entirely on kernel exploitation help from the jailbreaking community.
This presentation will introduce the audience into finding security bugs in iOS kernelspace and how this is different from hunting kernel bugs in Mac OS X. Reverse engineering will be used to extract a lot of information from the kernelcache and then this information is used to enumerate the kernel's attack surface and the corresponding code is located. In addition to that the secrets of activating the iOS internal kernel debugger will be revealed and it will be demonstrated by debugging a previous disclosed iOS kernel exploit.
BlackHat USA 2011 - Stefan Esser - iOS Kernel Exploitation
Exploiting the iOS Kernel
The iPhone user land is locked down very tightly by kernel level protections. Therefore any sophisticated attack has to include a kernel exploit in order to completely compromise the device. Because of this our previous session titled "Targeting the iOS Kernel" already discussed how to reverse the iOS kernel in order to find kernel security vulnerabilities. Exploitation of iOS kernel vulnerabilities has not been discussed yet.
This session will introduce the audience to kernel level exploitation of iPhones. With the help of previously disclosed kernel vulnerabilities the exploitation of uninitialized kernel variables, kernel stack buffer overflows, out of bound writes and kernel heap buffer overflows will be discussed.
Furthermore the kernel patches applied by iPhone jailbreaks will be discussed in order to understand how certain security features are deactivated. A tool will be released that allows to selectively de-activate some of these kernel patches for more realistic exploit tests.
More from Stefan Esser (7)
SyScan360 - Stefan Esser - OS X El Capitan sinking the S\H/IP
SyScan360 - Stefan Esser - OS X El Capitan sinking the S\H/IP
SyScan 2015 Bonus Slides - death of the vmsize=0 dyld trick
SyScan 2015 Bonus Slides - death of the vmsize=0 dyld trick
Ruxcon 2014 - Stefan Esser - iOS8 Containers, Sandboxes and Entitlements
Ruxcon 2014 - Stefan Esser - iOS8 Containers, Sandboxes and Entitlements
CanSecWest 2013 - iOS 6 Exploitation 280 Days Later
CanSecWest 2013 - iOS 6 Exploitation 280 Days Later
SyScan Singapore 2011 - Stefan Esser - Targeting the iOS Kernel
SyScan Singapore 2011 - Stefan Esser - Targeting the iOS Kernel
BlackHat USA 2011 - Stefan Esser - iOS Kernel Exploitation
BlackHat USA 2011 - Stefan Esser - iOS Kernel Exploitation
Recently uploaded
TrustArc Webinar - 2024 Global Privacy Survey
How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024?
In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores.
See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe.
This webinar will review:
- The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey
- The top challenges for privacy leaders, practitioners, and organizations in 2024
- Key themes to consider in developing and maintaining your privacy program
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
The typical problem in product engineering is not bad strategy, so much as “no strategy”. This leads to confusion, lack of motivation, and incoherent action. The next time you look for a strategy and find an empty space, instead of waiting for it to be filled, I will show you how to fill it in yourself. If you’re wrong, it forces a correction. If you’re right, it helps create focus. I’ll share how I’ve approached this in the past, both what works and lessons for what didn’t work so well.
Building Production Ready Search Pipelines with Spark and Milvus
Spark is the widely used ETL tool for processing, indexing and ingesting data to serving stack for search. Milvus is the production-ready open-source vector database. In this talk we will show how to use Spark to process unstructured data to extract vector representations, and push the vectors to Milvus vector database for search serving.
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Inconsistent user experience and siloed data, high costs, and changing customer expectations – Citizens Bank was experiencing these challenges while it was attempting to deliver a superior digital banking experience for its clients. Its core banking applications run on the mainframe and Citizens was using legacy utilities to get the critical mainframe data to feed customer-facing channels, like call centers, web, and mobile. Ultimately, this led to higher operating costs (MIPS), delayed response times, and longer time to market.
Ever-changing customer expectations demand more modern digital experiences, and the bank needed to find a solution that could provide real-time data to its customer channels with low latency and operating costs. Join this session to learn how Citizens is leveraging Precisely to replicate mainframe data to its customer channels and deliver on their “modern digital bank” experiences.
FREE A4 Cyber Security Awareness Posters-Social Engineering part 3
Free A4 downloadable and printable Cyber Security, Social Engineering Safety and security Training Posters . Promote security awareness in the home or workplace. Lock them Out From training providers datahops.com
"Choosing proper type of scaling", Olena Syrota
Imagine an IoT processing system that is already quite mature and production-ready and for which client coverage is growing and scaling and performance aspects are life and death questions. The system has Redis, MongoDB, and stream processing based on ksqldb. In this talk, firstly, we will analyze scaling approaches and then select the proper ones for our system.
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift
Overview
Dive into the world of anomaly detection on edge devices with our comprehensive hands-on tutorial. This SlideShare presentation will guide you through the entire process, from data collection and model training to edge deployment and real-time monitoring. Perfect for those looking to implement robust anomaly detection systems on resource-constrained IoT/edge devices.
Key Topics Covered
1. Introduction to Anomaly Detection
- Understand the fundamentals of anomaly detection and its importance in identifying unusual behavior or failures in systems.
2. Understanding Edge (IoT)
- Learn about edge computing and IoT, and how they enable real-time data processing and decision-making at the source.
3. What is ArgoCD?
- Discover ArgoCD, a declarative, GitOps continuous delivery tool for Kubernetes, and its role in deploying applications on edge devices.
4. Deployment Using ArgoCD for Edge Devices
- Step-by-step guide on deploying anomaly detection models on edge devices using ArgoCD.
5. Introduction to Apache Kafka and S3
- Explore Apache Kafka for real-time data streaming and Amazon S3 for scalable storage solutions.
6. Viewing Kafka Messages in the Data Lake
- Learn how to view and analyze Kafka messages stored in a data lake for better insights.
7. What is Prometheus?
- Get to know Prometheus, an open-source monitoring and alerting toolkit, and its application in monitoring edge devices.
8. Monitoring Application Metrics with Prometheus
- Detailed instructions on setting up Prometheus to monitor the performance and health of your anomaly detection system.
9. What is Camel K?
- Introduction to Camel K, a lightweight integration framework built on Apache Camel, designed for Kubernetes.
10. Configuring Camel K Integrations for Data Pipelines
- Learn how to configure Camel K for seamless data pipeline integrations in your anomaly detection workflow.
11. What is a Jupyter Notebook?
- Overview of Jupyter Notebooks, an open-source web application for creating and sharing documents with live code, equations, visualizations, and narrative text.
12. Jupyter Notebooks with Code Examples
- Hands-on examples and code snippets in Jupyter Notebooks to help you implement and test anomaly detection models.
Taking AI to the Next Level in Manufacturing.pdf
Read Taking AI to the Next Level in Manufacturing to gain insights on AI adoption in the manufacturing industry, such as:
1. How quickly AI is being implemented in manufacturing.
2. Which barriers stand in the way of AI adoption.
3. How data quality and governance form the backbone of AI.
4. Organizational processes and structures that may inhibit effective AI adoption.
6. Ideas and approaches to help build your organization's AI strategy.
What is an RPA CoE? Session 1 – CoE Vision
In the first session, we will review the organization's vision and how this has an impact on the COE Structure.
Topics covered:
• The role of a steering committee
• How do the organization’s priorities determine CoE Structure?
Speaker:
Chris Bolin, Senior Intelligent Automation Architect Anika Systems
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Join us to learn how UiPath Apps can directly and easily interact with prebuilt connectors via Integration Service--including Salesforce, ServiceNow, Open GenAI, and more.
The best part is you can achieve this without building a custom workflow! Say goodbye to the hassle of using separate automations to call APIs. By seamlessly integrating within App Studio, you can now easily streamline your workflow, while gaining direct access to our Connector Catalog of popular applications.
We’ll discuss and demo the benefits of UiPath Apps and connectors including:
Creating a compelling user experience for any software, without the limitations of APIs.
Accelerating the app creation process, saving time and effort
Enjoying high-performance CRUD (create, read, update, delete) operations, for
seamless data management.
Speakers:
Russell Alfeche, Technology Leader, RPA at qBotic and UiPath MVP
Charlie Greenberg, host
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...Edge AI and Vision Alliance
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/temporal-event-neural-networks-a-more-efficient-alternative-to-the-transformer-a-presentation-from-brainchip/
Chris Jones, Director of Product Management at BrainChip , presents the “Temporal Event Neural Networks: A More Efficient Alternative to the Transformer” tutorial at the May 2024 Embedded Vision Summit.
The expansion of AI services necessitates enhanced computational capabilities on edge devices. Temporal Event Neural Networks (TENNs), developed by BrainChip, represent a novel and highly efficient state-space network. TENNs demonstrate exceptional proficiency in handling multi-dimensional streaming data, facilitating advancements in object detection, action recognition, speech enhancement and language model/sequence generation. Through the utilization of polynomial-based continuous convolutions, TENNs streamline models, expedite training processes and significantly diminish memory requirements, achieving notable reductions of up to 50x in parameters and 5,000x in energy consumption compared to prevailing methodologies like transformers.
Integration with BrainChip’s Akida neuromorphic hardware IP further enhances TENNs’ capabilities, enabling the realization of highly capable, portable and passively cooled edge devices. This presentation delves into the technical innovations underlying TENNs, presents real-world benchmarks, and elucidates how this cutting-edge approach is positioned to revolutionize edge AI across diverse applications.Main news related to the CCS TSI 2023 (2023/1695)
An English 🇬🇧 translation of a presentation to the speech I gave about the main changes brought by CCS TSI 2023 at the biggest Czech conference on Communications and signalling systems on Railways, which was held in Clarion Hotel Olomouc from 7th to 9th November 2023 (konferenceszt.cz). Attended by around 500 participants and 200 on-line followers.
The original Czech 🇨🇿 version of the presentation can be found here: https://www.slideshare.net/slideshow/hlavni-novinky-souvisejici-s-ccs-tsi-2023-2023-1695/269688092 .
The videorecording (in Czech) from the presentation is available here: https://youtu.be/WzjJWm4IyPk?si=SImb06tuXGb30BEH .
Introduction of Cybersecurity with OSS at Code Europe 2024
I develop the Ruby programming language, RubyGems, and Bundler, which are package managers for Ruby. Today, I will introduce how to enhance the security of your application using open-source software (OSS) examples from Ruby and RubyGems.
The first topic is CVE (Common Vulnerabilities and Exposures). I have published CVEs many times. But what exactly is a CVE? I'll provide a basic understanding of CVEs and explain how to detect and handle vulnerabilities in OSS.
Next, let's discuss package managers. Package managers play a critical role in the OSS ecosystem. I'll explain how to manage library dependencies in your application.
I'll share insights into how the Ruby and RubyGems core team works to keep our ecosystem safe. By the end of this talk, you'll have a better understanding of how to safeguard your code.
Choosing The Best AWS Service For Your Website + API.pptx
Have you ever been confused by the myriad of choices offered by AWS for hosting a website or an API?
Lambda, Elastic Beanstalk, Lightsail, Amplify, S3 (and more!) can each host websites + APIs. But which one should we choose?
Which one is cheapest? Which one is fastest? Which one will scale to meet our needs?
Join me in this session as we dive into each AWS hosting service to determine which one is best for your scenario and explain why!
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays, June 2024 with Maria Copot 20
June Patch Tuesday
Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.
Programming Foundation Models with DSPy - Meetup Slides
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
Recently uploaded (20)
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
Deep Dive: AI-Powered Marketing to Get More Leads and Customers with HyperGro...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
Digital Banking in the Cloud: How Citizens Bank Unlocked Their Mainframe
FREE A4 Cyber Security Awareness Posters-Social Engineering part 3
FREE A4 Cyber Security Awareness Posters-Social Engineering part 3
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectors
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
Choosing The Best AWS Service For Your Website + API.pptx
Choosing The Best AWS Service For Your Website + API.pptx
9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...
9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
WhiskeyCon 2017 - 5 Minutes of MacOS/iOS Zone Allocator Fun
- 1. 5 Minutes with the MacOS / iOS Zone Allocator WhiskeyCon Singapore, March, 2017
- 2. | © 2017 by ANTID0TE All rights reserved Who am I? • Stefan Esser • from Germany • in Information Security since 1998 • SektionEins GmbH from (2007 - 2016) • Antid0te UG (2013 - now) 2
- 3. | © 2017 by ANTID0TE All rights reserved What is this talk about? • between iOS 9.0 and iOS 9.1 the Zone Allocator had a bug • it was fixed later due to refactoring of zcram() • bug is not a security bug but influences heap layout • might cause trouble for previously working heap-feng-shui code 3
- 4. | © 2017 by ANTID0TE All rights reserved iOS Zone Allocator Allocations in iOS <= 6 • memory page is split into elements • in this example allocation size 64 • every single element is used • 64 elements per page 4
- 5. | © 2017 by ANTID0TE All rights reserved iOS Zone Allocator Allocations in iOS 7 & 8 • Apple added meta data to end of page • one less element (63) fits into a page • exactly what we expect due to the meta data at end 5
- 6. | © 2017 by ANTID0TE All rights reserved iOS Zone Allocator Allocations in iOS 9 • Apple moved meta data to beginning of page • block in beginning cannot be used • but why only 62 elements? • why is the last block still unused? • there must be something wrong 6
- 7. | © 2017 by ANTID0TE All rights reserved zcram() (I) • first element positioned aligned after meta data • following elements are added one by one 7 vm_offset_t first_element_offset; if (zone_page_metadata_size % ZONE_ELEMENT_ALIGNMENT == 0){ first_element_offset = zone_page_metadata_size; } else { first_element_offset = zone_page_metadata_size + (ZONE_ELEMENT_ALIGNMENT - (zone_page_metadata_size % ZONE_ELEMENT_ALIGNMENT)); } for (pos_in_page = first_element_offset; (newmem + pos_in_page + elem_size) < (vm_offset_t)(newmem + PAGE_SIZE); pos_in_page += elem_size) { page_metadata->alloc_count++; zone->count++; /* compensate for free_to_zone */ free_to_zone(zone, newmem + pos_in_page, FALSE); zone->cur_size += elem_size; }
- 8. | © 2017 by ANTID0TE All rights reserved zcram() (II) • checks in each iteration if end of element is still within page • check is broken it uses < (newmem + PAGE_SIZE) • if element ends exactly on page boundary it is considered out of bound • must be <= (newmem + PAGE_SIZE) otherwise always loses last element 8 for (pos_in_page = first_element_offset; (newmem + pos_in_page + elem_size) < (vm_offset_t)(newmem + PAGE_SIZE); pos_in_page += elem_size) { page_metadata->alloc_count++; zone->count++; /* compensate for free_to_zone */ free_to_zone(zone, newmem + pos_in_page, FALSE); zone->cur_size += elem_size; }
- 9. | © 2017 by ANTID0TE All rights reserved iOS Zone Allocator Allocations in iOS 9 >= 9.2 • Apple refactored code - freelist order now randomized • refactoring fixed bug • only meta data at beginning not used • 63 elements fit per page 9
- 10. | © 2017 by ANTID0TE All rights reserved iOS Zone Allocator Allocations in iOS 10 • Apple moved meta data out of page • once again full page used for allocations • exactly 64 elements fit into page 10
- 11. Questions ? www.antid0te.com stefan@antid0te.com © 2017 by ANTID0TE. All rights reserved