Attacking OSX for fun and profit

Presented at Kiwicon X: The Truth is In Here (2016), Nov. 17, 2016, 1:45 p.m. (30 minutes)

For the purposes of a documentary. I got asked to hack a journalist. His request, verbatim was "I want to see how badly you can fuck up my life if you got control of my laptop". okay.jpg This was a trial by fire of "holy crap there aren't the tools to do this". This talk will describe the problem statement of "how 2 shot web" against osx, describe the process I took, what I learned along the way, and end with the horribly horribly written tool I wrote, some discussion about other tools that now exist (last year defcon these tools didn't exist), and some tradecraft around how to attack osx. It'll be fun!

Presenters:

• Dan Tentler / Viss   as Dan "Viss" Tentler
  Dan Tentler is the founder and CEO of The Phobos Group, a boutique information security services company. Previously a co-founder of Carbon Dynamics, and a security freelancer under the Aten Labs moniker, Dan has found himself in a wide array of different environments, ranging from blue team, to red team, to purple team, to ‘evil hacker for a camera crew'. When not obtaining shells or explaining against how to get shelled, Dan enjoys FPV racing, homebrewing, and internet troublemaking.

Links:

• https://2016.kiwicon.org/the-con/talks/#e224

Similar Presentations:

• DerbyCon 8.0 Evolution (2018) / OSX/Pirrit - Reverse engineering mac OSX malware and the legal department of the company who makes it
• ShmooCon XII (2016) / OSX Vulnerability Research and Why We Wrote Our Own Debugger