Abstract

The XNU kernel powers Apple's operating systems. As their market share grows, exploitation of OS X and iOS is gaining popularity. The introduction of kernel exploit mitigations such as KASLR and SMEP has been overcome with new techniques. "vm_map_copy" corruption, a well-known technique useful for bypassing KASLR and SMAP / address-space isolation, has been mitigated in OS X 10.11 and iOS 9. My talk will demonstrate new techniques to get around XNU's latest changes, and I will demonstrate a real kernel exploit for the most recent version of El Capitan that bypasses System Integrity Protection (rootless).

Slides