XPC Exploitation series Learn XPC exploitation - Part 1: Broken cryptography Learn XPC exploitation - Part 2: Say no to the PID! Learn XPC exploitation - Part 3: Code injections Intro Hey! In my last post, I showed you how weak SecRequirement string might lead to incoming connections validation issues. This post will focus on another way to trick XPC servers into trusting our malicious process. 😈 We’re going to exploit a vulnerability that I found some time ago in Malwarebytes.| wojciechregula.blog
After my recent blog post, my old mate @_Dark_Knight_ reached out to me and he asked me a question: “Do you typically callout user apps that allow dyld_insert_libraries?” And a few similar ones, and I will be honest, I had no idea what is he talking about, if only I understood the question :D Despite the fact that my recent blog posts and talks are about macOS, I deal much more with Windows on a daily basis, probably like 95%, and macOS is still a whole new territory for me.| theevilbit.github.io
XPC Exploitation series Learn XPC exploitation - Part 1: Broken cryptography Learn XPC exploitation - Part 2: Say no to the PID! Learn XPC exploitation - Part 3: Code injections After my talk on Objective by the Sea v3 I received a lot of questions regarding XPC exploitation. I think summing it up in a blog post series is a good idea, so here you have the first one! A post covering how to secure XPC services is planned in the nearest future.| wojciechregula.blog
Hey Hackers! 👋🏻 In this blog post, I want to show you why signing applications with get-task-allow entitlement may be dangerous and can lead to local privilege escalation bugs. We are going to exploit a real application, iExplorer, iOS application pentesters widely use that. Make a notice that iExplorer is only an example - a lot of apps have that excessive entitlement set. Entitlements? Since Mac OS X 10.11 El Capitan, Apple decided to add a new feature called System Integrity Protecti...| wojciechregula.blog