All Apple systems deploy a same hybrid kernel structure called XNU. However, most of XNU defenses can be bypassed through corrupting defenseless kernel objects. This session will summarize this type of attack as (Mach) port object-oriented programming (POP) and propose XNU Kernel Object Protector (XKOP) to significantly reduce the number of possible targets for unprotected kernel objects.
Learning Objectives: 1: Understand what is jailbreaking and what is the core of Apple systems. 2: Learn how to use PKOOP to bypass latest mitigation techniques in XNU kernel. 3: Find out the way to use XNU kernel object protector to defend against PKOOP attack.