BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//pretalx//cfp.recon.cx//recon-2026//talk//HARHBR
BEGIN:VTIMEZONE
TZID:EST
BEGIN:STANDARD
DTSTART:20001029T030000
RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10;UNTIL=20061029T070000Z
TZNAME:EST
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
END:STANDARD
BEGIN:STANDARD
DTSTART:20071104T030000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=11
TZNAME:EST
TZOFFSETFROM:-0400
TZOFFSETTO:-0500
END:STANDARD
BEGIN:DAYLIGHT
DTSTART:20000402T030000
RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=4;UNTIL=20060402T080000Z
TZNAME:EDT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
END:DAYLIGHT
BEGIN:DAYLIGHT
DTSTART:20070311T030000
RRULE:FREQ=YEARLY;BYDAY=2SU;BYMONTH=3
TZNAME:EDT
TZOFFSETFROM:-0500
TZOFFSETTO:-0400
END:DAYLIGHT
END:VTIMEZONE
BEGIN:VEVENT
UID:pretalx-recon-2026-HARHBR@cfp.recon.cx
DTSTART;TZID=EST:20260620T100000
DTEND;TZID=EST:20260620T110000
DESCRIPTION:Apple’s platform security story is shifting. Security critica
 l functionality is increasingly moving out of the traditional XNU kernel i
 nto the guarded world\, an Apple Silicon proprietary secure execution mode
 . Initially used for the Secure Page Table Monitor (SPTM) and the Trusted 
 Execution Monitor (TXM)\, it now also hosts a separate CL4 microkernel\, t
 he Secure Kernel\, which runs Exclaves. Exclaves are isolated components t
 hat XNU can communicate with through defined interfaces.\n\nThis talk is a
  deep technical tour of the Secure Kernel and the Exclave ecosystem as it 
 exists on modern iOS and macOS. We will build a clear mental model of comp
 onent roles\, privilege separation\, IPC patterns\, shared memory data flo
 ws\, and the choke points where validation and policy decisions occur. Fro
 m there\, we will show how to identify endpoints\, recover message formats
 \, map memory and permissions\, and instrument execution so you can turn b
 lack box components into something you can actually audit.\n\nThe goal is 
 to leave attendees with concrete strategies for finding vulnerabilities an
 d mitigation bypass opportunities in this new Apple security perimeter.
DTSTAMP:20260612T173647Z
LOCATION:Grand Salon Opera
SUMMARY:Beyond XNU: Anatomy of the Secure Kernel & Exclaves on Apple Silico
 n - Stefan Esser
URL:https://cfp.recon.cx/recon-2026/talk/HARHBR/
END:VEVENT
END:VCALENDAR