Automated Dylib Hijacking

Presented at DerbyCon 9.0 Finish Line (2019), Sept. 6, 2019, 5:30 p.m. (30 minutes).

Applications on macOS use a common and flawed method of loading dynamic libraries (dylib), which leaves them vulnerable to a post-exploitation technique known as dylib hijacking. Dylib hijacking is a technique used to exploit this flawed loading method in order to achieve privilege escalation, persistence, or the ability to run arbitrary code. This talk provides an overview of the attack vector and the process involved in exploiting vulnerable applications. Additionally, the process of automating the exploitation of vulnerable applications will be demonstrated and discussed in depth. The tools developed and used for this demonstration will be made publicly available.


Presenters:

  • Jimi Sebree
    Jimi is a Senior member of Tenable's Zero Day Research team. He bounces between research disciplines in an effort to appear knowledgeable about a variety of topics. Occasionally he succeeds in tricking someone into listening to him. When not working, Jimi is an avid rock climber and beer enthusiast.

Links:

Similar Presentations: