Attacking OSX for fun and profit

Presented at Kiwicon X: The Truth is In Here (2016), Nov. 17, 2016, 1:45 p.m. (30 minutes)

For the purposes of a documentary. I got asked to hack a journalist. His request, verbatim was "I want to see how badly you can fuck up my life if you got control of my laptop". okay.jpg This was a trial by fire of "holy crap there aren't the tools to do this". This talk will describe the problem statement of "how 2 shot web" against osx, describe the process I took, what I learned along the way, and end with the horribly horribly written tool I wrote, some discussion about other tools that now exist (last year defcon these tools didn't exist), and some tradecraft around how to attack osx. It'll be fun!

Presenters:

  • Dan Tentler / Viss as Dan "Viss" Tentler
    Dan Tentler is the founder and CEO of The Phobos Group, a boutique information security services company. Previously a co-founder of Carbon Dynamics, and a security freelancer under the Aten Labs moniker, Dan has found himself in a wide array of different environments, ranging from blue team, to red team, to purple team, to ‘evil hacker for a camera crew'. When not obtaining shells or explaining against how to get shelled, Dan enjoys FPV racing, homebrewing, and internet troublemaking.

Links: