OS X Kernel Internals for Security Researchers

Instructor: Stefan Esser
Dates: 15-18 June 2015
Capacity: 18 Seats

This brand new course introduces you to the low level internals of the OS X kernel from the perspective of a security researcher interested in vulnerability analysis, kernel rootkit/malware analysis/detection or kernel exploit development.

While this course is concentrating on OS X Mavericks and Yosemite on the x64 cpu architecture many of the topics are also relevant for the iOS kernel.

Class Outline

Class Requirements


Basic understanding of exploitation

Knowledge of X64 assembly

Hardware Requirements:

Apple Mac Notebook capable of running latest OS X within VMWARE

Enough hard disk space to run VMs

Minimum Software to install:

Mac OS X Yosemite

VMWARE Fusion for running Mac OS X VMs

IDA Pro with 64bit support

Alternatively Hopper if IDA is not available


Stefan Esser is best known in the security community as the PHP security guy. Since he became a PHP core developer in 2002 he devoted a lot of time to PHP and PHP application vulnerability research. However in his early days he released lots of advisories about vulnerabilities in software like CVS, Samba, OpenBSD or Internet Explorer. In 2003 he was the first to boot Linux directly from the hard disk of an unmodified XBOX through a buffer overflow in the XBOX font loader. In 2004 he founded the Hardened-PHP Project to develop a more secure version of PHP, known as Hardened-PHP, which evolved into the Suhosin PHP Security System in 2006. Since 2007 he works as head of research and development for the German web application company SektionEins GmbH that he co-founded. In 2010 he did his own ASLR implementation for Apple's iOS and shifted his focus to the security of the iOS kernel and iPhones in general. Since then he has spoken about the topic of iOS security at various information security conferences around the globe. In 2012 he co-authored the book the iOS Hackers Handbook.

To Register

Click here to register.