A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


I Can Be Apple, and So Can You - Josh Pitts Derbycon 2018 (Hacking Illustrated Series InfoSec Tutorial Videos)

I Can Be Apple, and So Can You
Josh Pitts
Derbycon 2018

Cryptographic verification of executables is a core security feature that many third-party developers and security personnel have learned to trust. During this talk, the speaker will cover the most recent Apple code signing bug that was found to affect everyone that uses Apple’s documented APIs for conducting code signing checks of signed applications. This will include the methodology for finding the issue, the reporting process, working with vendors, and a path forward for organizations that use Apple code signing as a measure of trust.

Josh Pitts is a Staff Engineer at Okta with over 15 years’ experience conducting physical and IT security assessments, IT security operations support, penetration testing, malware analysis, reverse engineering and forensics. He also served in the Marines working in SIGINT during the last part of the 20th Century. He likes to write low level code and flip bits for fun. Sometimes this leads to the discovery of funny bugs and to Russians patching stuff over the Internet and code signing issues.

@midnite_runr

Back to Derbycon 2018 video list

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast