papers.put.as

A collection of papers and presentation slides related to macOS, iOS, and (U)EFI Firmware.

Changelog

2019-08-28 - macOS

Bootbandit: A macOS Bootloader Attack
Bootbandit: A macOS Bootloader Attack

2019-08-28 - iOS

2019-08-28 - Firmware

2019-08-28 - Fuzzing

2019-08-28 - Malware

2019-08-26 - macOS

Crashing to root:

How to bypass SIP on macOS
MACDOORED - A FIRST LOOK INTO REAL-WORLD MACOS INTRUSIONS
When Macs Come Under ATT&CK
FROM APPLE SEEDS TO APPLE PIE
APFS - No clever or witty subtitle.
Aliens Among Us
What’s Your Game Plan? Leveraging Apple’s Game Engine to Detect macOS Threats
Code signing flaw in macOS
Who moved my pixels?!
Protecting the Garden of Eden
IOService Becomes a Grandpa
Drill the Apple Core: Up & Down - Fuzzing Apple Core component in Kernel and User Mode for Fun and Profit
Harnessing Weapons of Mac Destruction
Unpacking .pkgs - A look inside macOS Installer packages and common security flaws
How to gain root with CVE-2018-4193 in < 10s
Debug for bug: Crack and Hack Apple Core by itself

2019-08-26 - iOS

The last line of defense: understanding and attacking Apple File System on iOS
Eternal War in XNU Kernel Objects
The hidden gems of iOS
Life as an iOS Attacker
Towards Discovering Remote Code Execution Vulnerabilities in Apple FaceTime
Look, No Hands! The Remote, Interaction-less Attack Surface of the iPhone
Attacking iPhone XS Max
All Your Apple Are Belong To Us: Unique Identification and Cross-device Tracking of Apple Devices
Seeing Inside The Encrypted Envelope
WEN ETA JB? A 2 million dollars problem
WEN ETA JB? A 2 million dollars problem

2019-08-26 - Firmware

BETRAYING THE BIOS: WHERE THE GUARDIANS OF THE BIOS ARE FAILING
Breaking Through Another Side - Bypassing Firmware Security Boundaries from Embedded Controller
Inside the Apple T2
Behind the Scenes of Intel Security and Manageability Engine

2019-08-26 - Fuzzing

Dig Into The Attack Surface of PDF and Gain 100+ CVEs in 1 Year

2019-08-26 - Malware

THE ‘ICEFOG’ APT: A TALE OF CLOAK AND THREE DAGGERS
.NET MALWARE THREAT: INTERNALS AND REVERSING