Macsploitation with Metasploit

Presented at DEF CON 17 (2009), Aug. 1, 2009, 6:10 p.m. (30 minutes).

While Metasploit has had a number of Mac exploits for several years, the exploit payloads available have done little more than give a remote shell. These payloads are significantly simpler than the DLL-injection based payloads for Windows-based targets like the Meterpreter and VNC Inject payloads. This talk will cover the development and use of the fancier Metasploit Mac payloads developed by Dino Dai Zovi (the presenter) and Charlie Miller, including bundle injection, iSight photo capture, and Macterpreter.


Presenters:

  • Dino Dai Zovi
    Dino Dai Zovi is an information security professional, researcher, and author. Mr. Dai Zovi has been working in information security for over 8 years with experience in red teaming, penetration testing, and software security assessments at Sandia National Laboratories, @stake, Bloomberg, and Matasano Security. He is currently the Chief Scientist at a private information security firm. As an independent researcher, he is a regular speaker at industry, academic, and hacker security conferences including presentations of his research on hardware virtualization assisted rootkits using Intel VT-x, the KARMA wireless client security assessment toolkit, and offensive security techniques at international IT security conferences including BlackHat USA, CanSecWest, and DEF CON. He is a co-author of both "The Mac Hacker's Handbook" and "The Art of Software Security Testing". He is perhaps best known in the security and Mac communities for discovering the vulnerability and writing the exploit to win the first PWN2OWN contest at CanSecWest 2007.

Links:

Similar Presentations: