Saturday, July 25, 2009

Mac Attacks @ Black Hat USA 2009


It's time for the second Black Hat Technical Security Conference of the year, this one being held in Las Vegas, NV. Where else! I wonder how much money casinos will lose to participants after hours.

The conference runs July 25 through July 30. I'll be keeping an eye on Mac-related revelry. Here are a couple of announced Mac security events, researched and presented of course by two of our greatest Mac hackers, Dino Dai Zovi and Dr. Charlie Miller. My anti-heroes. *sw00n*

Advanced Mac OS X Rootkits

The Mac OS X kernel (xnu) is a hybrid BSD and Mach kernel. While Unix-oriented rootkit techniques are pretty well known, Mach-based rootkit techniques have not been as thoroughly publicly explored. This presentation will cover a variety of rootkit techniques for both user-space and kernel-space rootkits using unique and poorly understood or documented Mac OS X and Mach features.

Macsploitation with Metasploit

While Metasploit has had a number of Mac exploits for several years, the exploit payloads available have done little more than give a remote shell. These payloads are significantly simpler than the DLL-injection based payloads for Windows-based targets like the Meterpreter and VNC Inject payloads. This talk will cover the development and use of the fancier Metasploit Mac payloads developed by Dino Dai Zovi (the presenter) and Charlie Miller, including bundle injection, iSight photo capture, and Macterpreter.

Here is Dino's bio from the site:

Dino Dai Zovi
Endgame Systems

Dino Dai Zovi has been working in information security for over 9 years with experience in red teaming, penetration testing, and software security assessments at Sandia National Laboratories, @stake, and Matasano Security. Mr. Dai Zovi is also a regular speaker at information security conferences including presentations of his research on MacOS X security, hardware virtualization assisted rootkits using Intel VT-x, 802.11 wireless client security, and offensive security techniques at BlackHat USA, Microsoft BlueHat, CanSecWest, the USENIX Workshop on Offensive Technology, and DEFCON. He is a co-author of "The Mac Hacker's Handbook" (Wiley 2008) and "The Art of Software Security Testing" (Addison-Wesley Professional 2006). He is perhaps best known in the information security and Mac communities for discovering the vulnerability and writing the exploit to win the first PWN2OWN contest at CanSecWest 2007.

Also featured is a talk by Kostya Kortchinsky on how to use breakout vulnerabilities in VMware virtualization software for Mac to hack into the host machine. And that's bad. Kostya works in France and is infamous for being first to exploit announced Microsoft vulnerabilities.

Some other somewhat Mac-relevant subjects that will be presented:
  • BitTorrent Hacks - Michael Brooks and David Aslanian
  • Reversing and Exploiting an Apple® Firmware Update [for an Apple aluminum keyboard] - K. Chen

And of course an array of new PHP and SQL vulnerability hacks. What, no Microsoft exploits? There's no fooling you! Of course there are! And let's not forget exploitation of ye olde Intel® BIOS, Oracle, parking meters, iPhones, routers, and the US federal government. Included is an in-depth discussion of the Windows worm of the year, Conficker. The favorite subject this year appears to be rootkits. The Pwnie Awards will be announced July 29th. There's fun for everyone.
