Book update: Chapter 21

Comments about the book, Requests for content to be covered in the 2nd Edition? Post them here!

Post by morpheus » Wed Nov 16, 2016 4:19 pm

I published the very small but detailed Chapter 21, dealing with Pangu's 9.3.3 jailbreak, for free. This way if you got the initial version you can get the PDF as well. Anybody ordering the book as of today will get this built-in.

http://NewOSXBook.com/articles/nuwashi.pdf

Re: Book update: Chapter 21

Post by vega01 » Thu Nov 17, 2016 2:56 pm

Great! Thank you for creating and sharing this!

Re: Book update: Chapter 21

Post by backendbilly » Thu Dec 08, 2016 4:13 am

Administrator wrote: I published the very small but detailed Chapter 21, dealing with Pangu's 9.3.3 jailbreak, for free. This way if you got the initial version you can get the PDF as well. Anybody ordering the book as of today will get this built-in.

http://NewOSXBook.com/articles/nuwashi.pdf


I gotta say, very impressive write up J. Special attention is given to the kalloc.1024, KASLR defeat by leaking the vtable address, and IOMFBSwapIORequest::release in user mode :P.

I have to say, for someone to be able to put together in good detail how the exploit was carried out, with emphasis on vulnerability reuse, is nothing short of spectacular. This requires having very deep knowledge of the underlying architecture. In these 6 pages, so much has been covered that it seriously makes you feel like an ignorant bastard. Please keep it coming.

Is there any information on the payload they used in those gadgets?