< NULLCON 2023 - Berlin />

About the Speaker

Jonathan Bar Or
Principal Security Researcher at Microsoft

< Talk Title />

The Achilles Heel Of The macOS Gatekeeper

< Talk Category />

Technical Speakers

< Talk Abstract />

In recent years, Apple has significantly hardened macOS, making it harder for attackers to run arbitrary code on the system. One of the strictest hardening mechanisms completely stops non-notarized downloaded binaries from executing on the system. This is known as the "Gatekeeper."

In this talk, we will discuss how Gatekeeper works, review recent Gatekeeper bypasses, and show our very own novel Gatekeeper bypass 0day reported to Apple in 2022. Lastly, we will examine heuristics for detection offered by Microsoft Defender for Endpoint on macOS.

< Speaker Bio />

Jonathan Bar Or ("JBO") is a Principal Security Researcher at Microsoft, working as the Microsoft Defender research architect for cross-platform. Jonathan has rich experience in vulnerability research, exploitation, cryptanalysis, and offensive security in general.