Ivan Kristin earlier this month gave a talk at Black Hat around the security of iOS. He covered the three main concerns,
"HomeKit, Auto Unlock and iCloud Keychain are three Apple technologies that handle exceptionally sensitive user data - controlling devices (including locks) in the user's home, the ability to unlock a user's Mac from an Apple Watch, and the user's passwords and credit card information, respectively. We will discuss the cryptographic design and implementation of our novel secure synchronization fabric which moves confidential data between devices without exposing it to Apple, while affording the user the ability to recover data in case of device loss.
Data Protection is the cryptographic system protecting user data on all iOS devices. We will discuss the Secure Enclave Processor present in iPhone 5S and later devices and explain how it enabled a new approach to Data Protection key derivation and brute force rate limiting within a small TCB, making no intermediate or derived keys available to the normal Application Processor.
Traditional browser-based vulnerabilities are becoming harder to exploit due to increasingly sophisticated mitigation techniques. We will discuss a unique JIT hardening mechanism in iOS 10 that makes the iOS Safari JIT a more difficult target."
The full video is available here.
WiFi hacking has long been a favorite pastime of hackers, penetration testers, and people too cheap to pay for their own Internet connection. And there are plenty of targets out there for would-be hackers and war drivers to go after—just launch a WiFi scanner app in any residential neighborhood or office complex, and you're bound to find an access point that's either wide open or protected by weak encryption. Fortunately (or unfortunately, if you're the one looking for free WiFi), those more blatant security holes are going away through attrition as people upgrade to newer routers or network administrators hunt down vulnerabilities and stomp them out. But as one door closes, another opens.
I have just released a new tool at http://projects.jason-rush.com/buffer-overflow-eip-offset-string-generator that is a web equivalent of the Metasploit, pvefindaddr, and Mona scripts: pattern_create and pattern_offset.
This tool is to help find how far into a Buffer Overflow exploit string your return address needs to be in order to overwrite EIP successfully.
I appreciate any comments, suggestions, thoughts, etc...
Some people seem to be confused by what Roothack is so I wanted to start this post by explaining it a little bit. Roothack.org is hacker lab where we bring you multiple environments and levels that will teach you the basics of hacking, or exploitation if you will. We recently just facelifted the entire project and it is continuing to gain users weekly.
We've been working on this for quite sometime and we will continue to work on it for quite sometime. Some changes may occur, the site maybe offline line, from time to time, but we will do our best to keep things up and operation. This new system should be us a tremendous amount of flexibility to do just that. We hope you enjoy.