Book update: Chapter 21


Re: Book update: Chapter 21

Post by backendbilly » Thu Dec 08, 2016 4:13 am

Administrator wrote: I published the very small but detailed Chapter 21, dealing with Pangu's 9.3.3 jailbreak, for free. This way if you got the initial version you can get the PDF as well. Anybody ordering the book as of today will get this built-in.

http://NewOSXBook.com/articles/nuwashi.pdf


I gotta say, very impressive write up J. Special attention is given to the kalloc.1024, KASLR defeat by leaking the vtable address, and IOMFBSwapIORequest::release in user mode :P.

I have to say, for someone to be able to put together in good detail how the exploit was carried out, with emphasis on vulnerability reuse, is nothing short of spectacular. This requires having very deep knowledge of the underlying architecture. In these 6 pages, so much has been covered that it seriously makes you feel like an ignorant bastard. Please keep it coming.

Is there any information on the payload they used in those gadgets?

Re: Book update: Chapter 21

Post by vega01 » Thu Nov 17, 2016 2:56 pm

Great! Thank you for creating and sharing this!

Book update: Chapter 21

Post by morpheus » Wed Nov 16, 2016 4:19 pm

I published the very small but detailed Chapter 21, dealing with Pangu's 9.3.3 jailbreak, for free. This way if you got the initial version you can get the PDF as well. Anybody ordering the book as of today will get this built-in.

http://NewOSXBook.com/articles/nuwashi.pdf
