CYBERSEC 2022 uses cookies to provide you with the best user experience possible. By continuing to use this site, you agree to the terms in our Privacy Policy. I Agree
SESSION
09/22 11:45 - 12:15 Threat Research Forum
There's no S(Security) in macOS SIP
Six years ago, since the advent of System Integrity Protection (SIP) framework on macOS Yosemite, a protection mechanism protects files from being modified even with elevated privileges, which Apple deeply trusts to stop systems being maliciously tampered with or having data being stolen. Apple does not believe in empowering the users and went down a road of taking away privileges from users.
However, during these six years, we have seen more and more attacks allowing bypassing SIP to make modification to crucial files within the system. Moreover, multiple articles on the Internet instruct you to disable SIP entirely. We will introduce multiple bypasses for SIP in this session, and how Apple implemented this protection in the first place.
SPEAKER
Ta-Lun Yen is an independent researcher with interests in reverse engineering, protocol analysis, wireless security, embedded & IoT/ICS device security. Been a member of a Taiwanese InfoSec community "UCCU Hacker". Presented at various conferences & events including HITCON, Black Hat, CODE BLUE. Joined Trend Micro (TXOne Networks) with focus on offensive security.