mac os hacx
play

Mac OS hacX Things you need to know about your Mac Alessio L.R. - PowerPoint PPT Presentation

Aug 23, 2022 •253 likes •1.11k views

Mac OS hacX Things you need to know about your Mac Alessio L.R. Pennasilico mayhem@alba.st Pescara, 22 Agosto 2008 $ whois mayhem Security Evangelist @ Member / Board of Directors: AIP, AIPSI/ISSA, CLUSIT, Italian Linux Society, IT-ISAC,

  1. Mac OS hacX Things you need to know about your Mac Alessio L.R. Pennasilico mayhem@alba.st Pescara, 22 Agosto 2008

  2. $ whois mayhem Security Evangelist @ Member / Board of Directors: AIP, AIPSI/ISSA, CLUSIT, Italian Linux Society, IT-ISAC, LUGVR, OPSI, Metro Olografix, No1984.org, OpenBeer, Sikurezza.org, Spippolatori, VoIPSA. CrISTAL, Hacker’s Profiling Project, Recursiva.org Alessio L.R. Pennasilico 2

  3. Credits These slides are possible thanks to the help of some Italian hackers that always love to share information: Andrea Ghirardini, pila@pilasecurity.com Guido Bolognesi, zen @ kill-9.it Matteo G.P. Flora, lk @ lastknight.com Alessio L.R. Pennasilico 3

  4. “Those who don't understand UNIX are condemned to reinvent it, poorly." Henry Spencer Alessio L.R. Pennasilico 4

  5. Apple MAC AD Alessio L.R. Pennasilico 5

  6. How to obtain a more secure environment using MacOSX? Alessio L.R. Pennasilico - MacOSX security

  7. Screensaver Alessio L.R. Pennasilico

  8. Autologon Alessio L.R. Pennasilico

  9. Pair remote control Alessio L.R. Pennasilico

  10. Malware Alessio L.R. Pennasilico

  11. Library Randomization Alessio L.R. Pennasilico - MacOSX security

  12. How security is changing? From buffer overflow to application flaws… “… and nowadays a ssh remote root is a dead dream...” anonymous Alessio L.R. Pennasilico 12

  13. Apple solution to BO Library Randomization randomly distributes those commands throughout memory every time the operating system loads. Thus, even if an attacker finds a buffer overflow vulnerability and pushes his commands onto your system, it's extremely difficult for him to turn that into a working exploit. Alessio L.R. Pennasilico 13

  14. SandBoxes Alessio L.R. Pennasilico - MacOSX security

  15. SandBoxing Think about isolating a baby in a place where he can play Do the same with an application! Alessio L.R. Pennasilico 15

  16. Web Malware Malware can compromise my browser But my browser must not access all my system resources Alessio L.R. Pennasilico 16

  17. Policy We can create some rules: the browser will only access authorized resources Alessio L.R. Pennasilico 17

  18. It is native on MacOSX: coniglio:~ mayhem$ man sandbox-exec coniglio:~ mayhem$ cd /usr/share/sandbox/ bsd.sb portmap.sb named.sb mDNSResponder.sb ntpd.sb syslogd.sb Alessio L.R. Pennasilico 18

  19. and simple to use $ sandbox-exec -f profile-file applicazione $ cat /usr/share/sandbox/named.sb (allow network*) (allow file-write* file-read-data file-read- metadata (regex "^(/private)?/var/run/named\\.pid$" "^/Library/Logs/named\\.log$")) Alessio L.R. Pennasilico 19

  20. Access Control List Alessio L.R. Pennasilico - MacOSX security

  21. File system The file system is HFS+ Provides journaling access-list and extended attributes Alessio L.R. Pennasilico 21

  22. /bin/ls -l coniglio:~ mayhem$ /bin/ls -l total 24 drwx------+ 8 mayhem mayhem 272 May 13 18:45 Desktop -rw-r--r--@ 1 root mayhem 1024 Dec 10 10:41 Desktop DB -rw-r--r--@ 1 root mayhem 2 Dec 9 23:11 Desktop DF drwx------+ 35 mayhem mayhem 1190 May 8 19:40 Documents Alessio L.R. Pennasilico 22

  23. /bin/ls -el coniglio:~ mayhem$ /bin/ls -le total 24 drwx------+ 8 mayhem mayhem 272 May 13 18:45 Desktop 0: group:everyone deny delete -rw-r--r--@ 1 root mayhem 1024 Dec 10 10:41 Desktop DB -rw-r--r--@ 1 root mayhem 2 Dec 9 23:11 Desktop DF drwx------+ 35 mayhem mayhem 1190 May 8 19:40 Documents 0: group:everyone deny delete Alessio L.R. Pennasilico 23

  24. /bin/chmod # chmod +a "admin allow write" file1 # chmod +a "guest deny read" file1 # ls -le -rw-r--r--+ 1 juser wheel 0 Apr 28 14:06 file1 owner: juser 1: guest deny read 2: admin allow write Alessio L.R. Pennasilico 24

  25. Monitor Alessio L.R. Pennasilico - MacOSX security

  26. Why monitoring? It’s always important to know what a binary program tries to do both from a security point of view and from a performance point of view Alessio L.R. Pennasilico 26

  27. It is important to know which file are created / accessed / deleted how much CPU / memory is used lookup thread / child processes network activities Alessio L.R. Pennasilico 27

  28. dtruss Used to run strace on your PC? Did you find an unknown binary? root@coniglio# dtruss /bin/ls Alessio L.R. Pennasilico 28

  29. Running processes It is possible to attach dtruss to already running processes to monitor syscalls Alessio L.R. Pennasilico 29

  30. dtruss screencast Alessio L.R. Pennasilico 30

  31. dtrace It is useful to create profiles of system wide parameters to monitor Pre-compiled libraries can be found: http://www.solarisinternals.com/si/dtrace/ Alessio L.R. Pennasilico 31

  32. Instruments It is the GUI provided by Developer Tools It analyzes any activity of running or new launched applications Alessio L.R. Pennasilico 32

  33. Instruments screencast Alessio L.R. Pennasilico 33

  34. Default processes It is important to know what are the default system services. A comprehensive and updated document can be found at: http://www.westwind.com/reference/OS-X/ background-processes.html Alessio L.R. Pennasilico 34

  35. Firewall Alessio L.R. Pennasilico - MacOSX security

  36. Tiger or 10.4 Traffic based firewall BSD IPFW product Powerful and flexible Complex syntax for a normal user Alessio L.R. Pennasilico 36

  37. Leopard or 10.5 Application based firewall Alessio L.R. Pennasilico 37

  38. Configuring a firewall? Alessio L.R. Pennasilico 38

  39. Application Firewall It puts a signature file inside the application Some applications check their integrity Some applications stop working Alessio L.R. Pennasilico 39

  40. From AppFW to IPFW Thanks God: IPFW is still present You can use it from command line Alessio L.R. Pennasilico 40

  41. IPFW root@coniglio# ipfw -h ipfw syntax summary (but please do read the ipfw(8) manpage): ipfw [-acdeftTnNpqS] <command> where <command> is one of: add [num] [set N] [prob x] RULE-BODY {pipe|queue} N config PIPE-BODY [pipe|queue] {zero|delete|show} [N{,N}] set [disable N... enable N...] | move [rule] X to Y | swap X Y | show Alessio L.R. Pennasilico 41

  42. IPFW GUI Simpler interface = fewer errors Simple interface = more users Alessio L.R. Pennasilico 42

  43. WaterRoof This Italian project is an IPFW firewall frontend for Mac OS X 10.5 with an easy interface and many options. Features include dynamic rules, bandwidth management, NAT configuration and port redirection, pre-defined rule sets and a wizard for easy configuration. You can also watch logs and graphic statistics. Alessio L.R. Pennasilico 43

  44. WaterRoof http://www.hanynet.com/waterroof/index.html Alessio L.R. Pennasilico 44

  45. Bonjour Alessio L.R. Pennasilico - MacOSX security

  46. Bonjour Also known as zero-configuration networking, enables automatic discovery of computers, devices, and services on IP networks. Bonjour uses industry standard IP protocols to allow devices to automatically discover each other without the need to enter IP addresses or configure DNS servers. In order to provide a true zero-configuration experience, Bonjour requires that devices implement three essential things. Alessio L.R. Pennasilico 46

  47. Requirements ➡ Allocate IP addresses without a DHCP server. Translate between names and addresses ➡ without a DNS server. Locate or advertise services without using a ➡ directory server. Alessio L.R. Pennasilico 47

  48. Useful for... Easily connect to printers ✓ Easily connect to services (i.e. VNC) ✓ Enumerate ๏ Replicate worms ๏ Alessio L.R. Pennasilico 48

  49. Find VNC servers Alessio L.R. Pennasilico 49

  50. or RDP server Alessio L.R. Pennasilico 50

  51. Disable bonjour launchctl unload -w /System/Library/\ LaunchDaemons/com.apple.mDNSResponder.plist To re-enable it: launchctl load -w /System/Library/ \LaunchDaemons/\com.apple.mDNSResponder.plist Alessio L.R. Pennasilico 51

  52. FileVault Alessio L.R. Pennasilico - MacOSX security

  53. FileVault Will provide encrypted volumes Can transparently encrypt the whole home Can create volumes on CD / USB Key Alessio L.R. Pennasilico 53

  54. /Users FileVault will create a sparse bundle disk image AES 128 encrypted Automagically mounted at login Alessio L.R. Pennasilico 54

  55. Logged off user Empty /Users/mayhem /Users/.mayhem containing the encrypted volume The password of the volume is always corresponding to the user password Alessio L.R. Pennasilico 55

  56. sparse image It is a unique big file must be maintained default until 10.4 preserved when migrating Alessio L.R. Pennasilico 56

  57. sparse bundle image a lot of 8 MB bands ( files ) easier to maintain default since 10.5 Alessio L.R. Pennasilico 57

  58. No deniability FileVault does not provide any plausible deniability feature. Any analyzer will easily understand if you are using one or more encrypted volumes. Alessio L.R. Pennasilico 58

  59. Break in Is it possible to violate FileVault security? Alessio L.R. Pennasilico 59

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Testing: Its not just for your code! ...and other heretical proclomations Christopher H. Laco

Testing: Its not just for your code! ...and other heretical proclomations Christopher H. Laco

1 Testing: Its not just for your code! ...and other heretical proclomations Christopher H. Laco claco@chrislaco.com @claco #codemash Follow along! http://chrislaco.com/slides/codemash-testing.pdf 1 2 Legal Disclaimer

1.03k views • 45 slides
By Kenneth M. Hoeck - Church of God Woodstock - Truth On The Web Ministries - WWW.TOTW.ORG Are

By Kenneth M. Hoeck - Church of God Woodstock - Truth On The Web Ministries - WWW.TOTW.ORG Are

By Kenneth M. Hoeck - Church of God Woodstock - Truth On The Web Ministries - WWW.TOTW.ORG Are You In Rhythm? By Kenneth M. Hoeck - Church of God Woodstock - Truth On The Web Ministries - WWW.TOTW.ORG One of the most important things about

884 views • 41 slides
Human Behavior Chapter 5: Sensation and Perception Part 2: Hearing, Taste, Smell, Touch Hearing

Human Behavior Chapter 5: Sensation and Perception Part 2: Hearing, Taste, Smell, Touch Hearing

Human Behavior Chapter 5: Sensation and Perception Part 2: Hearing, Taste, Smell, Touch Hearing Parts of the Human Ear How Hearing Works Sound Waves are Stimuli for hearing, they resemble waves or ripples of different sizes Think of ripples

421 views • 23 slides
PF(11) * CF(3) = Risk Assessment: 33 Last Updated: Thurber, December 2009 Previous Update:

PF(11) * CF(3) = Risk Assessment: 33 Last Updated: Thurber, December 2009 Previous Update:

/ ALBERTA TRANSPORTATION LANDSLIDE RISK ASSESSMENT SECTION A: GEOTECHNICAL FILE REVIEW NORTH CENTRAL REGION (ATHABASCA AREA) SITE NC17A (BACKSLOPE FAILURE OF HIGHWAY TWINNING) HIGHWAY CONTROL SECTION Hwy 63:12, km 2 to km 10 NEAREST LANDMARK:

292 views • 6 slides
Antenatal Testing: Who, When, How? Brian L. Shaffer, MD Associate Professor Maternal Fetal

Antenatal Testing: Who, When, How? Brian L. Shaffer, MD Associate Professor Maternal Fetal

6/16/2017 Disclosures I have nothing to disclose Antenatal Testing: Who, When, How? Brian L. Shaffer, MD Associate Professor Maternal Fetal Medicine Doernbecher Fetal Therapy June 15, 2017 FM: Rationale Objectives: Fetal monitoring -

485 views • 11 slides
Moving beyond the lexicon Moving beyond the lexicon An isolated lexicon? An isolated lexicon?

Moving beyond the lexicon Moving beyond the lexicon An isolated lexicon? An isolated lexicon?

LIGN171: Child Language Acquisition http://ling.ucsd.edu/courses/lign171 http://ling.ucsd.edu/courses/lign171 LIGN171: Child Language Acquisition Moving beyond the lexicon Moving beyond the lexicon An isolated lexicon? An isolated

836 views • 35 slides
How can we track a target when it is occluded ? Jean-Jacques Orban de Xivry Philippe Lefvre

How can we track a target when it is occluded ? Jean-Jacques Orban de Xivry Philippe Lefvre

How can we track a target when it is occluded ? Jean-Jacques Orban de Xivry Philippe Lefvre Cesame-UCL Is this yours ?? What happens with his car ??? Driving around in the country side Eye movements Saccades Latency Position error Eye

961 views • 26 slides
Formal Modeling in Cognitive Science Uniform Distribution Lecture 27: Special Distributions;

Formal Modeling in Cognitive Science Uniform Distribution Lecture 27: Special Distributions;

Special Distributions Special Distributions Application: Eye-movement Data Application: Eye-movement Data 1 Special Distributions Formal Modeling in Cognitive Science Uniform Distribution Lecture 27: Special Distributions; Applications

193 views • 6 slides
Moving Object Trajectory Mining Moving Object Trajectory Mining Trajectory decomposition

Moving Object Trajectory Mining Moving Object Trajectory Mining Trajectory decomposition

Moving Object Trajectory Mining Moving Object Trajectory Mining Trajectory decomposition algorithm Trajectory decomposition algorithm Somayeh Dodge Robert Weibel Representation Analysis and Representation, Analysis and Visualization of

263 views • 10 slides
GEO DATA MANAGEMENT Dr. Kristien Ooms; Ghent University Kristien.Ooms@UGent.be Time Type

GEO DATA MANAGEMENT Dr. Kristien Ooms; Ghent University Kristien.Ooms@UGent.be Time Type

EYE TRACKING IN GEO DATA MANAGEMENT Dr. Kristien Ooms; Ghent University Kristien.Ooms@UGent.be Time Type Trial L POR X [px] L POR Y [px] 15256356851 SMP 1 589,64 590,82 W HAT IS EYE TRACKING ? 15256365267 SMP 1 586,6 587,1

1.28k views • 86 slides
Example Videos Linked feature-map and 3D views for DTMRI Parallel Coordinates, slice, 3D

Example Videos Linked feature-map and 3D views for DTMRI Parallel Coordinates, slice, 3D

2/1/2012 Comp/Phys/Mtsc 715 Pre-Attentive Characteristics: Information that Pops Out 2/2/2012 Preattentive Comp/Phys/Mtsc 715 Taylor 1 Example Videos Linked feature-map and 3D views for DTMRI Parallel Coordinates, slice, 3D for

420 views • 13 slides
Visual Thinking for Design Colin Ware How much do

Visual Thinking for Design Colin Ware How much do

Visual Thinking for Design Colin Ware How much do we see? We do not have the en&lt;re visual world in conscious awareness We

410 views • 11 slides
Search User Behavior Modeling Yiqun LIU Department of Computer Science &amp; Technology Tsinghua

Search User Behavior Modeling Yiqun LIU Department of Computer Science &amp; Technology Tsinghua

Search User Behavior Modeling Yiqun LIU Department of Computer Science &amp; Technology Tsinghua University, Beijing, China @MLAf2016, Nanjing Ab About t The e Sp Spea eaker er Name: Yiqun LIU ( ) Associate Professor @

682 views • 45 slides
Impact of Eye Fixated Regions in Visual Action Recognition Mentor : Dr. Amitabha Mukerjee

Impact of Eye Fixated Regions in Visual Action Recognition Mentor : Dr. Amitabha Mukerjee

Impact of Eye Fixated Regions in Visual Action Recognition Mentor : Dr. Amitabha Mukerjee Deepak Pathak deepakp@ Dept. of Computer Science &amp; Eng. , IIT Kanpur Introduction Human Action Recognition ( What ?) 150,000 uploads every

494 views • 15 slides
Language 75,000 - 100,000 words Productive or generative nature of language

Language 75,000 - 100,000 words Productive or generative nature of language

5/9/19 Introduction to Language &amp; Language Comprehension The Nature of Language Background Phrase structure grammars Transformational grammars Factors affecting comprehension Neurolinguistics Speech Perception

388 views • 17 slides
Mobile Computing and Context Papers elected by prof. Gerhard Troster Mentor: Remo Meier Table of

Mobile Computing and Context Papers elected by prof. Gerhard Troster Mentor: Remo Meier Table of

3 rd December, 2008 Presented by: Robert Grandl Mobile Computing and Context Papers elected by prof. Gerhard Troster Mentor: Remo Meier Table of Contents Motivation Main ideas and results in analyzed papers Conclusions

820 views • 37 slides
Dr. Kit Chunyu Wu Ting-Wei Tiffany Translation for Dissemination Assimilation

Dr. Kit Chunyu Wu Ting-Wei Tiffany Translation for Dissemination Assimilation

Dr. Kit Chunyu Wu Ting-Wei Tiffany Translation for Dissemination Assimilation Information exchange Information access Increasing need and use of machine aids for cost-effective translation In the foreseeable future, it

422 views • 24 slides
Human-Computer Interaction Termin 7: Usability Evaluation MMI/SS06 1 Process to develop User

Human-Computer Interaction Termin 7: Usability Evaluation MMI/SS06 1 Process to develop User

Human-Computer Interaction Termin 7: Usability Evaluation MMI/SS06 1 Process to develop User centered design interactive systems such that usability will be maximized. scenario, user what is task analysis guidelines wanted principles

585 views • 21 slides
Manipulation in HRI: How a robot: an Overview Makes physical changes to the world around it

Manipulation in HRI: How a robot: an Overview Makes physical changes to the world around it

3/22/19 What is Manipulation? Manipulation in HRI: How a robot: an Overview Makes physical changes to the world around it Physically interacts with the world and other agents Grasping, pushing, carrying, moving, joining,

372 views • 5 slides
Copulas for neural and behavioral parallel systems Hans Colonius Department f ur Psychologie

Copulas for neural and behavioral parallel systems Hans Colonius Department f ur Psychologie

Copulas for neural and behavioral parallel systems Hans Colonius Department f ur Psychologie Universit at Oldenburg Purdue Winer Memorial Lectures Probability and Contextuality November 2018 1 / 75 Outline Preliminaries Coupling:

1.71k views • 144 slides
An Empirical Study on the Efficiency of Different Design Pattern Representations in UML Class

An Empirical Study on the Efficiency of Different Design Pattern Representations in UML Class

Noname manuscript No. (will be inserted by the editor) An Empirical Study on the Efficiency of Different Design Pattern Representations in UML Class Diagrams Gerardo Cepeda Porras Yann-Ga el Gu eh eneuc Received: date / Accepted: date

291 views • 28 slides
Behavior Models and Composition for Software and Systems Architecture Mikhail Auguston Computer

Behavior Models and Composition for Software and Systems Architecture Mikhail Auguston Computer

Behavior Models and Composition for Software and Systems Architecture Mikhail Auguston Computer Science Department Naval Postgraduate School Monterey, California, USA 1 An architecture description belongs to a high level of abstraction,

650 views • 38 slides
UNIVERSITY OF CALIFORNIA Economics 134 DEPARTMENT OF ECONOMICS Spring 2018 Professor David

UNIVERSITY OF CALIFORNIA Economics 134 DEPARTMENT OF ECONOMICS Spring 2018 Professor David

UNIVERSITY OF CALIFORNIA Economics 134 DEPARTMENT OF ECONOMICS Spring 2018 Professor David Romer LECTURE 8 REVIEW OF OPEN-ECONOMY IS-MP AND THE AD-IA FRAMEWORK FEBRUARY 12, 2018 I. O VERVIEW II. O PEN -E CONOMY IS-MP WITH F LEXIBLE E XCHANGE

704 views • 56 slides
Introduction to Multiprocessor 2 GHz 2 GHz 2 GHz Identical FPU FPU FPU Real-Time Systems

Introduction to Multiprocessor 2 GHz 2 GHz 2 GHz Identical FPU FPU FPU Real-Time Systems

Real-time Scheduling and Synchronization Seminar Three Kinds of Multiprocessors Proc. 1 Proc. 2 Proc. 3 Introduction to Multiprocessor 2 GHz 2 GHz 2 GHz Identical FPU FPU FPU Real-Time Systems Uniform 2 GHz 1 GHz 500 MHz

504 views • 9 slides

More recommend