Onur Alanbel is an application security researcher whose main focus is developing tools to solve binary analysis problems, in addition to writing exploits. He graduated from Izmir Institute of Technology, Department of Computer Engineering. He worked for BGA Bilgi Güvenliği Akademisi as an application security specialist between 2013 and 2015. He was involved in the research and development of a binary analysis tool called TaintAll. He is now a co-founder of CRI.
Exploiting Memory Corruptions in XNU Kernel
Exploiting vulnerabilities in the macOS kernel is getting harder due to current mitigations like kASLR, PAGE_ZERO, SMEP, SMAP and other hardening measures. The talk aims to show how to chain different memory corruption vulnerabilities to gain code execution in the XNU kernel. Publishing a new 0day is not part of the talk; instead, public vulnerabilities and a custom vulnerable driver are used for demonstration.