XNU Heap Exploitation - From Kernel Bug to Kernel Control

Explore XNU heap exploitation techniques in this conference talk from NULLCON Goa 2020. Dive into the intricacies of exploiting kernel bugs CVE-2018-4344 and CVE-2019-6225 through three kernel exploits: treadm1ll, v1ntex, and v3ntex. Begin with an introduction to XNU internals, focusing on Mach ports and the heap allocators zalloc and kalloc. Learn how to progress from a proof of concept to a full kernel exploit, with emphasis on identifying non-obvious exploitation primitives and effective heap manipulation strategies. Examine the impact of version changes between iOS 11 and iOS 12 on exploitation techniques, and understand how small modifications can significantly affect exploit functionality. Gain insights from an experienced iOS hacker who has contributed to various jailbreaks and created tools for research and downgrading across multiple Apple devices.