(⏱️: 50 minutes)
👨🏻💻 Scott Knight (@sdotknight), Threat Researcher at VMware Carbon Black (📝: full bio)
Scott Knight is a Threat Researcher on the VMware Carbon Black TAU team, specifically in the NSAT (Nation State and Advanced Tactics) group within TAU. He works to reverse engineer malware, track threat actors and share information with the security community.
Scott has a specific interest in macOS malware and macOS system internals.
One of the most interesting things, from a security perspective, announced at the 2019 Apple WWDC was System Extensions. System Extensions are a natural evolution of Apple’s desire to move third party developers out of the kernel. From a developer’s perspective this means access to more modern programming languages like Swift when writing security tools. From an end user’s perspective this should mean increased stability with less third party code running in the kernel.
In this talk I’ll present a deep dive into one of the new System Extension types: the EndpointSecurity framework. I’ll cover the internals of how the framework works, starting with the kernel level, then the system level and finally how the user level applications get access to information provided by the framework. I’ll also cover some of the challenges that come from the EndpointSecurity framework architecture. Finally I’ll share details around CVE-2019-8805, a local privilege escalation bug found in the framework and fixed in macOS 10.15.1.
(⏱️: 50 minutes)
👨🏻💻 Samuel Groß (@5aelo), Security Researcher at Google Project Zero (📝: full bio)
Samuel works at Google Project Zero where he does offensive security research, mainly focused on web browsers and mobile devices.
So-called "0-click" exploits, in which no user interaction is required to compromise a mobile device, have become a highly interesting topic for security researchers, and not just because Apple announced a one million dollar bug bounty for such exploits against the iPhone last year.
This talk will go into the details of how a single memory corruption vulnerability in iMessage was remotely exploited to compromise an iPhone without any user interaction. Special attention will be given to features and internals specific to iOS and macOS that were (ab)used for exploitation.
(⏱️: 25 minutes)
👩🏻💻 Erika Noerenberg (@gutterchurl), Forensicator and malware RE, VMware Carbon Black TAU (📝: full bio)
Erika Noerenberg is a Senior Threat Researcher with VMware Carbon Black’s Threat Analysis Unit, with over 15 years of experience in the security industry specializing in digital forensics, malware analysis, and software development.
Previously, she worked as a malware analyst at LogRhythm Labs and as a forensic analyst and reverse engineer for the Defense Cyber Crime Center (DC3), performing system and malware examinations in support of intrusions investigations for the Department of Defense and FBI.
As threats on the Mac platform have increased in prevalence and sophistication, analysts require more time and resources to manually analyze available samples. As a result, the need to automate malware analysis has become of paramount importance. Although many static analysis tools exist for Mach-O binaries, the amount of actionable information able to be extracted from malicious samples is increasingly limited as adversaries employ additional methods of obfuscation. While more information can be obtained from traditional dynamic analysis, this method is costly in time and resources and is still vulnerable to anti-analysis techniques such as virtual machine detection. For this reason, methods for extracting data from binaries at scale typically rely on static analysis.
Binee (Binary Emulation Environment) is an open source binary emulation environment developed by Carbon Black researchers Kyle Gwinnup and John Holowczak and introduced in August of 2019 at DEF CON 27. Through emulation of execution, Binee provides a method for capturing runtime information typically obtained from dynamic analysis, but at the cost and scale at which static analysis can run. Furthermore, Binee can run in the cloud at scale on any platform and output structured data for post processing. This can facilitate the automation of malware analysis, data extraction, and hunting across large datasets. Although previously only released for the emulation of Windows binaries, we have extended Binee functionality to support emulation of 64-bit Mach-O binaries. This talk will briefly introduce the “how” and “why” of Binee for Mach-O binaries, but will mostly focus on its application for the malware analyst and threat hunter using real-world samples to demonstrate the power of static process emulation.
(⏱️: 50 minutes)
👨🏻💻 Cody Thomas (@its_a_feature_), Red Team Operator & Developer, Specter Ops (📝: full bio)
Cody Thomas is a red team operator and developer focusing on macOS and *nix devices. He created the initial Mac and Linux ATT&CK matrices while he was working on the Adversary Emulation team at MITRE.
Cody has spoken at a few conferences and works on his open source framework for Red Teaming called Apfell.
Credentials are more than just passwords. Kerberos is more than just Windows Active Directory. This talk goes into the inner workings of macOS's Heimdal implementation of Kerberos, credential caches, keytabs, hashes, tickets, and authentication mechanisms. We will walk through how Kerberos works, how Active Directory joined macOS endpoints can be leveraged from an offensive perspective, and how defenders can start looking for these techniques.
Finally, we'll do a deep dive into the LKDC - the local key distribution center located on every macOS endpoint since 10.5 and how that can be leveraged from an offensive perspective when a mac is NOT joined to an Active Directory domain. All techniques covered in the talk will be available in an open source tool called Bifrost which leverages native Kerberos APIs without the need for Python or scripting languages.
(⏱️: 25 minutes)
👩🏼💻 Sarah Edwards (@iamevltwin), Senior Digital Forensics Researcher at BlackBag Technologies (📝: full bio)
Sarah is a Senior Digital Forensics Researcher at BlackBag Technologies working in the DC metro area, specializing in Mac and mobile forensics. She has worked with various federal law enforcement agencies and has performed a variety of investigations including computer intrusions, criminal, and counter intelligence/terrorism/narcotics.
Sarah's research interests include anything and everything Apple related, mobile devices, digital profiling, and Mac and mobile device security. Sarah has presented at many industry security and forensic conferences and is an author & instructor for the SANS Institute (teaching classes such as SANS FOR518 Mac Forensic Analysis and Incident Response).
At v1.0 of OBTS I introduced a proof-of-concept tool called APOLLO to correlate and analyze the pattern-of-life data provided by iOS devices. Since its introduction, it has been heavily used in many forensic investigations across the world and integrated into commercial forensic products. I have spent hours of my life continuously updating it with each iOS update. There are always more databases to add, changed database schemas, and new features to be investigated. This presentation will show updates to the tool that will include macOS specific data.
macOS devices may not seem as in tune with the intimacies of our lives, but you would be surprised how much of that data is synced across devices. Users will likely be doing more productive work on macOS devices versus iOS, therefore I will also discuss the security specific tracking data. This talk will discuss some of the differences, similarities, and difficulties that macOS presents over iOS.
(⏱️: 50 minutes)
👨🏻💻 Vladimir Metnew (@vladimir_metnew), AppSec engineer at Grammarly (📝: full bio)
Vladimir works at Grammarly, where he is working on application security.
He focuses on macOS, static code analysis, browser security, and underlying engineering concepts required for an in-depth understanding of these fields.
File Quarantine is a foundational security mechanism of macOS that aims to protect macOS users from a variety of network-based attacks.
In this talk we'll first explore File Quarantine internals. Following this, we'll identify a variety of popular 3rd-party applications that fail to utilize this security mechanism, opening up macOS users to remote exploitation. We'll end by demonstrating various exploit chains that abuse this oversight by these applications.
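The mechanism the abstract refers to is the com.apple.quarantine extended attribute: an application that downloads content is expected to tag the resulting file with it, and Gatekeeper and XProtect only assess files that carry the tag. An app that writes downloads without it is exactly the oversight described above. The following is an added example (not the speaker's tooling) that decodes the attribute's value and, on a live macOS host, reads it with the xattr(1) command; the two sample values are constructed, not taken from a real system.

```python
"""Decode the macOS com.apple.quarantine extended attribute.

Added example, not the speaker's tooling. File Quarantine works by having the
downloading application tag each new file with the com.apple.quarantine xattr;
Gatekeeper and XProtect only evaluate files that carry it, so an app that
writes downloads without the tag leaves its users exposed. The value is a
semicolon-separated string: hex flags, hex Unix timestamp, agent name, UUID.
"""
import subprocess
import sys
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

XATTR_NAME = "com.apple.quarantine"


@dataclass
class Quarantine:
    flags: int             # opaque LaunchServices flag bits
    timestamp: datetime    # when the file was quarantined (UTC)
    agent: str             # app that wrote the file, e.g. "Safari"
    uuid: Optional[str]    # key into the LSQuarantineEvent database; may be absent


def parse_quarantine(value: str) -> Quarantine:
    """Decode 'flags;hex_time;agent;uuid'; some values omit the UUID."""
    parts = value.strip().split(";")
    if len(parts) < 3:
        raise ValueError(f"malformed quarantine value: {value!r}")
    flags = int(parts[0], 16)
    stamp = datetime.fromtimestamp(int(parts[1], 16), tz=timezone.utc)
    uuid = parts[3] if len(parts) > 3 and parts[3] else None
    return Quarantine(flags, stamp, parts[2], uuid)


def read_quarantine(path: str) -> Optional[Quarantine]:
    """Return the parsed attribute for a file on a live macOS host, or None when
    the file is untagged. Uses xattr(1); on other platforms it always returns None."""
    if sys.platform != "darwin":
        return None
    proc = subprocess.run(["xattr", "-p", XATTR_NAME, path],
                          capture_output=True, text=True)
    if proc.returncode != 0 or not proc.stdout.strip():
        return None   # untagged: Gatekeeper will not assess this file on first open
    return parse_quarantine(proc.stdout)


# Constructed sample values (not taken from a real system)
SAFARI_VALUE = "0083;5e5f1a2b;Safari;9F2A1C4E-0B7D-4F21-9E3A-6C1D2B8A7F50"
NO_UUID_VALUE = "0081;5e5f1a2b;Chrome;"

if __name__ == "__main__":
    for value in (SAFARI_VALUE, NO_UUID_VALUE):
        q = parse_quarantine(value)
        print(f"{q.agent:<8} {q.timestamp.isoformat()} flags=0x{q.flags:04x} uuid={q.uuid}")
    if len(sys.argv) > 1:
        print(read_quarantine(sys.argv[1]))   # None means the file was never quarantined
```

Running `python3 quarantine.py ~/Downloads/some-file` on a Mac shows whether the app that saved the file tagged it; a None result for a file you know arrived over the network is the symptom the talk is about. The flag bits are left undecoded on purpose, since their meaning is not documented by Apple.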
(⏱️: 25 minutes)
👨🏻💻 Thomas Reed (@thomasareed), Director of Mac & Mobile at Malwarebytes (📝: full bio)
Thomas Reed has been a Mac user since 1984, and is a self-taught developer and security researcher. He is the founder of The Safe Mac and creator of the AdwareMedic adware removal tool for Macs.
He is currently Director of Mac & Mobile at Malwarebytes, where he directs product development and Mac security research. His hobbies include hiking and photography, and he is happily married with four children.
It's not every day that we see a truly unique and interesting piece of malware on the Mac. So much Mac malware is poorly written, steals from someone else's proof-of-concept, and/or drops open-source exploit kits. But it's even more rare that we learn exactly who was behind a piece of very interesting malware, how they were identified, and see them prosecuted!
This is the story of a piece of creepy spyware that was in the wild for ten years before being discovered, how it was found, and how its capabilities were identified. It is also the story of the man who allegedly created the malware, how he was caught, and the criminal case against him.
(⏱️: 25 minutes)
👨🏻💻 Wojciech Reguła (@_r3ggi), IT Senior Security Specialist at SecuRing (📝: full bio)
Wojciech is an IT Senior Security Specialist employed at SecuRing. Professionally responsible for web and mobile security testing with particular emphasis on iOS.
He is also the creator of iOS Security Suite, an open source anti-tampering Swift framework. Recently he has also become interested in macOS app security. In his free time he runs an infosec blog, https://wojciechregula.blog.
XPC is a well-known interprocess communication mechanism used on Apple devices. Abusing XPC led to many severe bugs, including those used in jailbreaks. While the XPC bugs in Apple's components are harder and harder to exploit, did we look at non-Apple apps on macOS? As it turns out, vulnerable apps are everywhere - Anti Viruses, Messengers, Privacy tools, Firewalls, and more.
In this talk, I will:
- Explain how XPC/NSXPC work
- Present you some of my findings in popular macOS apps (e.g. local privilege escalation to r00t)
- Abuse an interesting feature on Catalina that allows injecting an unsigned dylib
- Show you how to fix that vulnz finally!
(⏱️: 25 minutes)
👨🏻💻 Jaron Bradley (@jbradley89), macOS Detections, Team Lead at Jamf (📝: full bio)
Jaron has a background in incident response and threat hunting across Unix based platforms. He currently works as the macOS detections lead for Jamf Protect.
As an OG, he was the first ever speaker at the Objective By the Sea conferences and he makes sure to remind everyone about that each year. Although the conferences are always a blast, he primarily attends for the super ono Hawaiian food.
During an incident response investigation, one of the most important items you collect is a list of running processes. On most platforms this allows you to map out a process tree using pids and ppids. However, due to Apple's unique XPC behavior, the majority of processes end up getting created as a child of launchd, providing little value to incident response analysts.
This talk will focus on how to build a process tree that actually benefits incident responders using the procinfo output. The talk will end with a free tool release titled "TrueTree".
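The following is an added example, not the TrueTree tool. It shows the problem the abstract describes and one way around it: in a ppid-only tree, an XPC service that launchd spawned on behalf of an app hangs directly off launchd, so the tree says nothing about who asked for it. The snapshot is constructed; each record carries the pid macOS holds responsible for the process under a field named `responsible_pid`, which is this example's own name and an assumption about what procinfo-style output provides. Processes that launchd did not create keep their real parent; for launchd's children the responsible pid is used instead.

```python
"""Rebuild a macOS process tree that survives launchd's XPC fan-out.

Added example, not the TrueTree tool itself. XPC services and many app helpers
are spawned by launchd, so their ppid is 1 and a ppid-only tree shows them as
unrelated siblings. The `responsible_pid` field (this example's own name; an
assumption about what procinfo-style tooling exposes) records which process
macOS considers responsible for each one.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Callable, Dict, List

LAUNCHD_PID = 1


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int
    responsible_pid: int   # assumed field, see module docstring
    name: str


# Constructed snapshot: a Terminal session, an XPC service working on its
# behalf (spawned by launchd), and an unrelated system daemon.
SNAPSHOT: List[Proc] = [
    Proc(1,   0,   1,   "launchd"),
    Proc(300, 1,   300, "Terminal"),
    Proc(310, 300, 300, "zsh"),
    Proc(320, 310, 300, "python3"),
    Proc(500, 1,   300, "com.apple.quicklook.ThumbnailsAgent"),
    Proc(600, 1,   600, "cfprefsd"),
]

Chooser = Callable[[Proc, Dict[int, Proc]], int]


def naive_parent(p: Proc, known: Dict[int, Proc]) -> int:
    """What ps(1) gives you: the kernel parent."""
    return p.ppid


def true_parent(p: Proc, known: Dict[int, Proc]) -> int:
    """Keep the real parent unless it is launchd; then prefer the responsible pid."""
    if p.ppid != LAUNCHD_PID:
        return p.ppid
    rp = p.responsible_pid
    if rp not in (p.pid, LAUNCHD_PID) and rp in known:
        return rp
    return LAUNCHD_PID


def parent_map(procs: List[Proc], chooser: Chooser) -> Dict[int, int]:
    known = {p.pid: p for p in procs}
    return {p.pid: chooser(p, known) for p in procs}


def render(procs: List[Proc], chooser: Chooser) -> List[str]:
    """Indented tree, one line per process, roots first."""
    known = {p.pid: p for p in procs}
    parents = parent_map(procs, chooser)
    kids: Dict[int, List[int]] = defaultdict(list)
    for pid, parent in parents.items():
        if pid != parent:
            kids[parent].append(pid)
    lines: List[str] = []

    def walk(pid: int, depth: int) -> None:
        p = known[pid]
        lines.append(f"{'  ' * depth}{p.name} ({p.pid})")
        for child in sorted(kids[pid]):
            walk(child, depth + 1)

    for root in sorted(pid for pid, parent in parents.items() if parent not in known):
        walk(root, 0)
    return lines


if __name__ == "__main__":
    for title, chooser in (("ppid only", naive_parent), ("responsible pid", true_parent)):
        print(f"--- {title} ---")
        print("\n".join(render(SNAPSHOT, chooser)))
```

In the ppid-only rendering the Quick Look thumbnail agent sits next to Terminal and cfprefsd as a direct child of launchd; in the second rendering it is placed under the Terminal session that caused it to be spawned, which is the relationship a responder actually wants to see.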
(⏱️: 25 minutes)
👩🏼💻 Julia Vashchenko (@iaronskaya), macOS Engineer at MacPaw (📝: full bio)
Julia is a macOS Engineer currently at MacPaw (CleanMyMac Malware Module), having previously worked as a C++ macOS Engineer for Comodo Security Solutions on the macOS Antivirus project.
She is a macOS lead at "Women Who Code Kyiv", a mentor of a workshop on IPC (SwiftAveiro conference) and recently gave a talk on a modern approach to modularizing code (SwiftHeroes conference).
An operating system's security depends a lot on the way developers handle privileged operations. Is it easy to make a mistake? Is the recommended way actually better than a deprecated API?
Recently, we gained insight into these questions during our company's bug bounty program, which led to some surprising conclusions, which we'll share today.
(⏱️: 25 minutes)
👨🏻💻 Patrick Wardle (@patrickwardle), Principal Security Researcher at Jamf (📝: full bio)
Patrick Wardle is a Principal Security Researcher at Jamf and founder of Objective-See. Having worked at NASA and the NSA, as well as presented at countless security conferences, he is intimately familiar with aliens, spies, and talking nerdy.
Patrick is passionate about all things related to macOS security and thus spends his days finding Apple 0days, analyzing macOS malware and writing free open-source security tools to protect Mac users.
On the Windows platform, macro-based attacks are well understood (and frankly are rather old news). However on macOS, though such attacks are growing in popularity and are quite en vogue, they have received far less attention from the research and security community.
In this talk, we will begin by analyzing recent macro-based attacks that target Apple's desktop OS, highlighting macOS-specific exploit code and payloads. Rather unsurprisingly though, these attacks are unsophisticated, requiring explicit user-approval to run the malicious macro code and remain constrained by Office's constrictive sandbox. Rather lame!
However, things could be worse! We'll end the talk by detailing a novel exploit chain (created by yours truly) that starts with CVE-2019-1457, leverages a new sandbox escape and ends with a full bypass of Apple's stringent notarization requirements. It is triggered by simply opening a malicious (macro-laced) Office document, with no other user interaction required, and persistently infects even a fully-patched macOS Catalina system!
...so maybe don't open any Office documents for the time being!? 📝☠️
(⏱️: 25 minutes)
👨🏻💻 Manabu Niseki (@ninoseki), Security Researcher (📝: full bio)
👨🏻💻 Suguru Ishimaru, Security Researcher at Kaspersky (📝: full bio)
Manabu has been a member of a CSIRT since 2015. He works as both a researcher and an engineer.
He was a speaker at FIRST TC Bali 2018, Internet Week 2018, REVULN’19, HITCON CMT 2019 and Botconf 2019.
Suguru joined Kaspersky Labs as a researcher in 2008. Since then he has been a member of the Global Research and Analysis Team (GReAT) APAC, researching Advanced Persistent Threats (APTs) and recent cyber threats in the APAC region.
Based on his research, he has presented at several security conferences such as AVTokyo 2012, HITCON Pacific 2016, HITCON Pacific 2017, JSAC 2018, FIRST TC Bali 2018, Internet Week 2018 and Botconf 2019.
A configuration profile (.mobileconfig file) provides configuration information to Mac/iOS devices. It is typically used for enterprise mobile device management (MDM), for instance APN setup for MVNOs, email client setup, and so on.
Sometimes users encounter a "mimic" in a configuration profile. A mimic tries to cause a disturbance or steal information from the victim's Mac/iOS device.
We’ve collected more than four hundred configuration profiles and analyzed them. In this presentation, we’ll show the details of mimics, malicious configuration profiles, in the wild. It covers various topics such as phishing, click fraud and more!
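A profile is a property list, so the first triage pass over a collection like the one described above can be static. The following is an added example, not the speakers' tooling: it parses an unsigned .mobileconfig with the standard library and flags payload types that redirect traffic, plant trust, or pin a branded link on the home screen. The list of flagged PayloadType values and the reasons attached to them are this example's own heuristics; the two profiles are constructed. Signed profiles are a CMS (PKCS#7) wrapper around the same plist and need to be unwrapped first (on macOS, `security cms -D -i profile.mobileconfig`).

```python
"""Static triage of a configuration profile (.mobileconfig).

Added example, not the speakers' tooling. An unsigned profile is an XML plist
whose PayloadContent array holds one dict per payload, each identified by its
PayloadType. Which types are flagged, and the reasons given, are this example's
own heuristics. Signed profiles are a CMS (PKCS#7) wrapper around the same
plist; unwrap them first (on macOS: security cms -D -i profile.mobileconfig).
"""
import plistlib
from typing import Any, Dict, List, Tuple

# Payload types that let a profile author redirect traffic, plant trust, or pin
# a branded link on the home screen: the building blocks of phishing and
# click-fraud profiles. Selection and wording are this example's own.
RISKY_PAYLOADS = {
    "com.apple.proxy.http.global": "global HTTP proxy: web traffic routed through a host of the author's choosing",
    "com.apple.dnsSettings.managed": "managed DNS: name resolution controlled by the profile",
    "com.apple.vpn.managed": "managed VPN: traffic tunnelled to a third party",
    "com.apple.security.root": "root CA: TLS interception becomes possible once trusted",
    "com.apple.webClip.managed": "web clip: home-screen icon opening an arbitrary URL",
}
Finding = Tuple[str, str, str]   # (PayloadType, why it matters, payload-specific detail)


def describe(payload: Dict[str, Any]) -> str:
    """Pull the one field an analyst wants to see for each flagged payload type."""
    ptype = payload.get("PayloadType")
    if ptype == "com.apple.webClip.managed":
        return f"{payload.get('Label')!r} -> {payload.get('URL')}"
    if ptype == "com.apple.proxy.http.global":
        if payload.get("ProxyType") == "Auto":
            return f"PAC {payload.get('ProxyPACURL')}"
        return f"{payload.get('ProxyServer')}:{payload.get('ProxyServerPort')}"
    if ptype == "com.apple.security.root":
        cert = payload.get("PayloadContent", b"")   # plistlib returns <data> as bytes
        return f"{payload.get('PayloadCertificateFileName')} ({len(cert)} bytes DER)"
    return payload.get("PayloadIdentifier", "")


def triage_profile(raw: bytes) -> Dict[str, Any]:
    prof = plistlib.loads(raw)
    payloads = prof.get("PayloadContent", [])
    findings: List[Finding] = [
        (p["PayloadType"], RISKY_PAYLOADS[p["PayloadType"]], describe(p))
        for p in payloads if p.get("PayloadType") in RISKY_PAYLOADS
    ]
    return {
        "name": prof.get("PayloadDisplayName"),
        "identifier": prof.get("PayloadIdentifier"),
        "payload_types": [p.get("PayloadType") for p in payloads],
        # Either of these makes a malicious profile hard for the victim to undo.
        "removal_disallowed": bool(prof.get("PayloadRemovalDisallowed", False)),
        "removal_password": any(p.get("PayloadType") == "com.apple.profileRemovalPassword"
                                for p in payloads),
        "findings": findings,
    }


# Constructed "mimic": a fake VPN profile that pins a phishing web clip, sets a
# global proxy, installs a bogus root CA and forbids its own removal.
MIMIC_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadDisplayName</key><string>Free Unlimited VPN</string>
  <key>PayloadIdentifier</key><string>com.example.freevpn</string>
  <key>PayloadRemovalDisallowed</key><true/>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadUUID</key><string>0C4F2B5A-1D3E-4A6B-8C9D-0E1F2A3B4C5D</string>
  <key>PayloadVersion</key><integer>1</integer>
  <key>PayloadContent</key><array>
    <dict><key>PayloadType</key><string>com.apple.webClip.managed</string>
      <key>Label</key><string>Apple ID</string>
      <key>URL</key><string>http://appleid-verify.example.invalid/login</string>
      <key>IsRemovable</key><false/></dict>
    <dict><key>PayloadType</key><string>com.apple.proxy.http.global</string>
      <key>ProxyType</key><string>Manual</string>
      <key>ProxyServer</key><string>proxy.example.invalid</string>
      <key>ProxyServerPort</key><integer>8080</integer></dict>
    <dict><key>PayloadType</key><string>com.apple.security.root</string>
      <key>PayloadCertificateFileName</key><string>ca.cer</string>
      <key>PayloadContent</key><data>bm90IGEgcmVhbCBjZXJ0aWZpY2F0ZQ==</data></dict>
  </array>
</dict></plist>"""

# Constructed benign profile: a single Wi-Fi payload.
BENIGN_PROFILE = plistlib.dumps({
    "PayloadDisplayName": "Corp Wi-Fi", "PayloadIdentifier": "com.example.wifi",
    "PayloadType": "Configuration", "PayloadVersion": 1,
    "PayloadUUID": "7A1B2C3D-4E5F-4A6B-8C9D-0E1F2A3B4C5E",
    "PayloadContent": [{"PayloadType": "com.apple.wifi.managed",
                        "PayloadIdentifier": "com.example.wifi.ssid",
                        "SSID_STR": "CorpNet", "EncryptionType": "WPA2"}],
})

if __name__ == "__main__":
    for raw in (MIMIC_PROFILE, BENIGN_PROFILE):
        report = triage_profile(raw)
        print(report["name"], report["payload_types"], "removal disallowed:", report["removal_disallowed"])
        for ptype, why, detail in report["findings"]:
            print(f"  [{ptype}] {why}: {detail}")
```

Over a corpus the interesting aggregations are the proxy hosts, web clip URLs and certificate fingerprints that recur across differently branded profiles; this script gives you those fields per file, and the rest is clustering.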
(⏱️: 50 minutes)
👨🏻💻 Brandon Azad (@_bazad), Researcher at Google Project Zero (📝: full bio)
Brandon Azad is a macOS/iOS security researcher at Google Project Zero, who enjoys finding 0-days, developing elegant exploits, and writing articles about security.
His significant projects include a macOS/iOS kernel inspection tool called memctl as well as an IDA Pro toolkit for analyzing Apple kernelcache files called ida_kernelcache.
Development-fused iPhones with hardware debugging features like JTAG are out of reach for many iOS security researchers. This talk takes you along my journey to create a similar capability using off-the-shelf iPhones.
We'll look at a way to break KTRR, a custom hardware mitigation Apple developed to prevent kernel patches, and use this capability to load a kernel extension that enables full-featured, single-step kernel debugging with LLDB on production iPhones. Finally, I'll show how I used the resulting KTRW debugger to discover and exploit the oob_timestamp vulnerability (CVE-2020-3837).
(⏱️: 50 minutes)
👨🏻💻 Kevin Bradley (@nitoTV), Researcher at Guardian (📝: full bio)
Author of nitoTV (different things to different AppleTV platforms: an XBMC-like jack of all trades for v1, more of a Cydia for AppleTV on the 2nd, 4th and 5th gen.)
- First ramdisk AppleTV jailbreak in greenpois0n rc6.1
- SeasonPass author (AppleTV 2 jailbreak)
- Lead tvOS engineer for ChimeraTV
- Lead tvOS engineer/loader author for checkra1n
...Amateur economist and comedian, and loves kitties.
Earlier this year I was working on developing Nito store and NControl to liven up the scene of Apple TV. NControl became successful immediately. (Have you ever tried to type in a Wi-Fi password on Apple TV with an Apple TV controller? Yea, painful.) Weeks later, Apple releases iOS13 and adds support for PS4 controllers and xBoxOne controllers. Sherlocked. Well that was fun, sigh. The end is nigh...but then! Later in the month, BOOM.
Literally. BOOM Bootrom Exploit dropped and the entire Jailbreak and Apple community is in shock. This is the first time in over 10 years a bootrom vulnerability has been discovered and an exploit has been developed. This is epic for iOS, but what does that mean for AppleTV and tvOS? …Chime in the Aladdin song… A Whole New World, a new fantastic point of view! Now the fun begins and a team is gathered for development.
(⏱️: 50 minutes)
👨🏻💻 Luke Roberts (@rookuu_), Security Consultant at F-Secure (📝: full bio)
👨🏻💻 Calum Hall (@_calumhall), Security Researcher at F-Secure (📝: full bio)
Luke is a Security Consultant at F-Secure (previously MWR InfoSecurity).
He specialises in performing attack simulations on behalf of F-Secure, and his recent research has focused on the impact that the adoption of macOS has had on organisations' security posture.
Calum works in the offensive security team at F-Secure, formerly MWR. Calum's focus over recent years has been towards perimeter based security, with his research now homing in on macOS security.
Predominantly he spends his time looking into macOS devices at an organisation wide scale and how common setups can be abused during offensive engagements.
Organisations are increasingly adopting Apple devices for end user workstations, and now face the same device management challenges that others faced 20 years ago with Windows and Active Directory. To counter this, 3rd party device management solutions such as Jamf have filled the macOS management void. This talk will give an attacker's perspective on the security implications behind adopting Jamf in your hybrid Windows and macOS estate.
We will explore in detail our experiences attacking Jamf-managed macOS estates, ranging from undisclosed attack vectors through to common mis-configurations that are consistently observed in the world of Windows Active Directory. We will also be releasing F-Secure's bespoke Jamf exploitation tooling, so that these attack paths can be identified in your own organisations.
In addition to the offensive skills needed to exploit these issues, we will also be providing recommendations to mitigate them, giving you the ability to harden both on-premise and SaaS Jamf instances.
(⏱️: 50 minutes)
👨🏻💻 Jai Musunuri (@JaiMusunuri), Principal Consultant at CrowdStrike Services (📝: full bio)
👨🏻💻 Erik Martin, Associate Consultant at CrowdStrike Services (📝: full bio)
Jai is a Principal Consultant at CrowdStrike Services, investigating complex intrusions at Fortune 500 companies and providing proactive services to stop the next breach from happening. He primarily examines Mac and mobile devices, but is still fond of his Linux and Windows investigations.
Jai applies his background in systems engineering to help organizations develop better security postures and recover from security crises more efficiently.
When he’s not dismantling the phones and laptops he uses for forensics research, you can find Jai traveling the world looking for the best kale smoothie.
Erik Martin is an Associate Consultant with CrowdStrike Services, who focuses on incident response, while also assisting with proactive work. He has performed a variety of incident response investigations focused on Windows and Mac environments.
When he is not engaged with client work, Erik helps maintain and develop CrowdStrike’s open source Mac triage tool, AutoMacTC. Erik often finds his background in computer engineering helpful, especially when deep-diving into disk forensics or developing software tools.
Erik is based in southern California and enjoys spending time hiking in the mountains, tinkering with electronics, and playing Call of Duty.
As of macOS 10.12 Sierra, incident responders can turn to a new endpoint log source for answers: the Apple Unified Log (AUL). This new log format, standardized across the Apple ecosystem, is both a blessing and a curse for responders. While it boasts longer retention times and contains a tremendous amount of data, the volume and level of granularity can quickly become overwhelming.
Hunting for useful entries in the AUL is like scouring the pages of a children’s book, trying to find Waldo in crowds of similar faces.
In this talk, we will teach you how to capture the AUL from macOS forensic images and live systems, briefly compare the AUL to older logging formats, and highlight key artifacts that can provide answers, leads, and quick wins. You’ll learn how we leverage the AUL for our incident response investigations, based on real cases we’ve worked where it’s been essential for our analysis.
By the end, you’ll come away with the skills you need to dive into the Apple Unified Log efficiently in your own environment - and find Waldo faster.
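Once the log has been captured, the "find Waldo" step is filtering. The following is an added example, not the speakers' workflow: it reads records that `log show --style ndjson` writes (one JSON object per line, using the field names the tool emits), applies predicate-style filters on process, subsystem and message, and summarises the result. The four sample records are constructed for the example. On a live system the capture is `sudo log collect --output host.logarchive` followed by `log show --archive host.logarchive --style ndjson > host.ndjson`; on a forensic image the raw tracev3 data lives under /private/var/db/diagnostics and /private/var/db/uuidtext and has to be reassembled into a .logarchive bundle before `log show` will read it.

```python
"""Filter Apple Unified Log records exported as newline-delimited JSON.

Added example, not the speakers' workflow. Input is the output of
    log show --archive host.logarchive --style ndjson
one JSON object per line. The field names below (timestamp, processImagePath,
processID, subsystem, category, eventMessage) are the ones log show emits;
the sample records at the bottom are constructed.
"""
import json
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, Iterable, List, Optional


@dataclass
class Record:
    timestamp: datetime
    process: str      # basename of processImagePath
    pid: int
    subsystem: str
    category: str
    message: str


def parse_timestamp(text: str) -> datetime:
    # log show writes e.g. '2020-03-04 03:02:03.123456-0800'
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S.%f%z")


def parse_ndjson(lines: Iterable[str]) -> List[Record]:
    records: List[Record] = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        obj = json.loads(line)
        records.append(Record(
            timestamp=parse_timestamp(obj["timestamp"]),
            process=(obj.get("processImagePath") or "").rsplit("/", 1)[-1],
            pid=int(obj.get("processID", -1)),
            subsystem=obj.get("subsystem") or "",
            category=obj.get("category") or "",
            message=obj.get("eventMessage") or "",
        ))
    return records


def search(records: List[Record], process: Optional[str] = None,
           subsystem: Optional[str] = None, pattern: Optional[str] = None) -> List[Record]:
    """Offline stand-in for a `log show --predicate`: every given filter must match."""
    rx = re.compile(pattern, re.IGNORECASE) if pattern else None
    return [r for r in records
            if (process is None or r.process == process)
            and (subsystem is None or r.subsystem == subsystem)
            and (rx is None or rx.search(r.message))]


def summarize(records: List[Record]) -> Dict[str, object]:
    """Time bounds and per-process volume: where the noise is, where to look next."""
    if not records:
        return {"count": 0}
    ordered = sorted(records, key=lambda r: r.timestamp)
    return {
        "count": len(records),
        "first": ordered[0].timestamp.isoformat(),
        "last": ordered[-1].timestamp.isoformat(),
        "by_process": Counter(r.process for r in records),
    }


# Constructed sample export: a login window start, an SSH login, a sudo
# invocation and one line of cfprefsd noise. Messages are illustrative only.
SAMPLE_NDJSON = """
{"timestamp":"2020-03-04 03:01:00.000000-0800","processImagePath":"/System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow","processID":140,"subsystem":"com.apple.loginwindow","category":"","eventMessage":"Login Window Application Started"}
{"timestamp":"2020-03-04 03:02:03.123456-0800","processImagePath":"/usr/sbin/sshd","processID":4242,"subsystem":"","category":"","eventMessage":"Accepted publickey for admin from 203.0.113.7 port 51234 ssh2"}
{"timestamp":"2020-03-04 03:02:40.000001-0800","processImagePath":"/usr/bin/sudo","processID":4250,"subsystem":"","category":"","eventMessage":"admin : TTY=ttys001 ; PWD=/Users/admin ; USER=root ; COMMAND=/usr/bin/dscl . -read /Users/admin"}
{"timestamp":"2020-03-04 03:02:41.500000-0800","processImagePath":"/usr/sbin/cfprefsd","processID":220,"subsystem":"com.apple.defaults","category":"User Defaults","eventMessage":"rejecting write of key(s) in { com.apple.dock } from process 4260"}
"""

if __name__ == "__main__":
    recs = parse_ndjson(SAMPLE_NDJSON.splitlines())
    for r in search(recs, pattern=r"Accepted (publickey|password)|USER=root"):
        print(r.timestamp.isoformat(), r.process, r.pid, r.message)
    print(summarize(recs))
```

To use it on a real export, replace `SAMPLE_NDJSON.splitlines()` with the lines of the file written by `log show`; the same filters work, and `summarize` on the unfiltered set tells you which processes dominate the volume so you can exclude them and narrow the time window before reading anything line by line.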