What to study to learn macOS/iOS vulnerabilities

[nikkomok]

Good morning everyone, i'm a Computer Science student at college and recently came across this website out of pure curiosity and found this section, does anyone know any sources or online libraries to study the subject in regard in detail? thanks everyone

 

[varwar]

You can look here https://p.ost2.fyi/ for Vulnerabilities 1001/1002 free courses. There're examples of vulnerabilities in XNU, probably in iOS too, I forgot already.

 

[weaver]

To begin with, I would advise you to look at these following resources

The Mac Hacker's Handbook
mega.nz/folder/x1pX2IqS#v8Lx_hqggfgB_E2atNVcYw/folder/BwR2wTgD

iOS Hacker's Handbook
mega.nz/folder/x1pX2IqS#v8Lx_hqggfgB_E2atNVcYw/folder/o8YQlDxK

Beginners Guide to Exploitation on ARM Vol 2.pdf
mega.nz/folder/x1pX2IqS#v8Lx_hqggfgB_E2atNVcYw/file/ok5lEKCR

A course that is publicly available to you Offensive Security
send.exploit.in/download/4025c74c8ce86735/#g0rB-9FU689964CnbVNYLQ

first blood
secfault-security.com/blog/chain3.html

googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html
googleprojectzero.blogspot.com/2019/08/in-wild-ios-exploit-chain-1.html
googleprojectzero.blogspot.com/2019/08/in-wild-ios-exploit-chain-2.html
googleprojectzero.blogspot.com/2019/08/in-wild-ios-exploit-chain-3.html
googleprojectzero.blogspot.com/2019/08/in-wild-ios-exploit-chain-4.html
googleprojectzero.blogspot.com/2019/08/in-wild-ios-exploit-chain-5.html

For starters, I think this is enough information.

corellium.com

P.s.

I almost forgot, you can also do an apple patch analysis - patch diffing

 

[nikkomok]

To begin with, I would advise you to look at these following resources

The Mac Hacker's Handbook
mega.nz/folder/x1pX2IqS#v8Lx_hqggfgB_E2atNVcYw/folder/BwR2wTgD

iOS Hacker's Handbook
mega.nz/folder/x1pX2IqS#v8Lx_hqggfgB_E2atNVcYw/folder/o8YQlDxK

Beginners Guide to Exploitation on ARM Vol 2.pdf
mega.nz/folder/x1pX2IqS#v8Lx_hqggfgB_E2atNVcYw/file/ok5lEKCR

A course that is publicly available to you Offensive Security
send.exploit.in/download/4025c74c8ce86735/#g0rB-9FU689964CnbVNYLQ

first blood
secfault-security.com/blog/chain3.html

googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html
googleprojectzero.blogspot.com/2019/08/in-wild-ios-exploit-chain-1.html
googleprojectzero.blogspot.com/2019/08/in-wild-ios-exploit-chain-2.html
googleprojectzero.blogspot.com/2019/08/in-wild-ios-exploit-chain-3.html
googleprojectzero.blogspot.com/2019/08/in-wild-ios-exploit-chain-4.html
googleprojectzero.blogspot.com/2019/08/in-wild-ios-exploit-chain-5.html

For starters, I think this is enough information.

corellium.com

PS

I almost forgot, you can also do an apple patch analysis - patch diffing

Thanks very much for your time bro

 

[nikkomok]

You can look here https://p.ost2.fyi/ for Vulnerabilities 1001/1002 free courses. There're examples of vulnerabilities in XNU, probably in iOS too, I forgot already.

Thanks for the information

 

[Dementorfraud]

looks very interesting will take a look thanks guys for a good informative thread

 

[szcznoyov]

проверка на наличие уязвимостей в macOs и проникновение в систему безопасности

macOS Bypassing Firewalls - HackTricks

book.hacktricks.xyz

macOS Security & Privilege Escalation - HackTricks

book.hacktricks.xyz

macOS Proces Abuse - HackTricks

book.hacktricks.xyz

macOS GCD - Grand Central Dispatch - HackTricks

book.hacktricks.xyz

проверьте наличие уязвимостей в IOS и наборов навыков

https://book.hacktricks.xyz/mobile-pentesting/ios-pentesting/ios-hooking-with-objection

https://book.hacktricks.xyz/mobile-pentesting/ios-pentesting/basic-ios-testing-operations

вы также можете проверить каналы и базы данных уязвимостей на наличие последних уязвимостей, таких как:

NVD - Vulnerabilities

nvd.nist.gov

Open Source & Cloud Native Application Security Blog | Snyk

Level up your open source & cloud native application security knowledge. Stay up to date with news & happenings in cloud, container, serverless security & more!

snyk.io

 

[basileusapoleiaoff]

Good morning everyone, i'm a Computer Science student at college and recently came across this website out of pure curiosity and found this section, does anyone know any sources or online libraries to study the subject in regard in detail? thanks everyone

Look this Art of Mac Malware https://dokumen.pub/the-art-of-mac-...3-1718501951-9781718501942-9781718501959.html


https://www.inversecos.com/2022/06/guide-to-reversing-and-exploiting-ios.html

You should learn all things related to arm64 https://mariokartwii.com/armv8/

You can learn specific binary exploitation for arm64 https://ad2001.gitbook.io/a-noobs-guide-to-arm-exploitation/ and https://github.com/HenryHoggard/awesome-arm-exploitation.git

You can train here https://github.com/bkerler/exploit_me

Also take a look of known vulnerabilities for iOS on https://www.cvedetails.com/vendor/49/Apple.html

Remember practice is you're way to go


Have a nice day and have fun learning