The Hacker's Guide to OS X
Exploiting OS X from the Root Up
- 1st Edition - November 16, 2012
- Latest edition
- Authors: Alijohn Ghassemlouei, Robert Bathurst, Russ Rogers
- Language: English
Written by two experienced penetration testers the material presented discusses the basics of the OS X environment and its vulnerabilities. Including but limited to; application po… Read more
Purchase options
Written by two experienced penetration testers the material presented discusses the basics of the OS X environment and its vulnerabilities. Including but limited to; application porting, virtualization utilization and offensive tactics at the kernel, OS and wireless level. This book provides a comprehensive in-depth guide to exploiting and compromising the OS X platform while offering the necessary defense and countermeasure techniques that can be used to stop hackers
As a resource to the reader, the companion website will provide links from the authors, commentary and updates.
- Provides relevant information including some of the latest OS X threats
- Easily accessible to those without any prior OS X experience
- Useful tips and strategies for exploiting and compromising OS X systems
- Includes discussion of defensive and countermeasure applications and how to use them
- Covers mobile IOS vulnerabilities
Security Professionals (Security Auditors, Security Engineers,), Cyber security professionals, hackers, programmers focused on secure coding, and reverse engineers
Forward
Chapter 1. Introduction
Why You are Reading This Book?
The Path Ahead
Reference
Chapter 2. History and Introduction to OSX
History and Introduction to OSX
Chapter 3. The Filesystem
Introduction
What is a File System?
The Difference Between Memory Types
Partition Tables
Identifying GUIDs
Booting
Master Boot Records
Blessed be Thy Volume
Booting from the Network
Working up to HFS+
How a File System Works
File System Addressing
Disk Fragmentation
The File System Forefathers
File System Layouts
Hierarchical File System (circa 1985)
Microsoft File Systems
HFS Plus
Journaled HFS
MetaData
Understanding Forks
Fiddling with the File System
Playing with Attributes
Hidden Files
Conclusion
Chapter 4. Footprinting OSX
Introduction
Off the Client
On the Client
Conclusion
Chapter 5. Application and System Vulnerabilities
Introduction
Understanding Vulnerabilities
Vulnerabilities are Equal Opportunity
Media Layers
Host Layers
History of Vulnerabilities in Apple Products
Mac OS X Specific
A Recent Example—Flashback
How it Works
Understanding Apple’s Security Response
Apple iOS Specific
Keeping it Under Control
Advanced Persistent Threats
Apple Script
Conclusion
Chapter 6. Defensive Applications
Introduction
Secure Configurations
Kernel Extension Removal
Examining Commercial Tools
Conclusion
Chapter 7. Offensive Tactics
Introduction
Summary
References
Chapter 8. Reverse Engineering
Introduction
The Basics
Coding
Decompiling Journey
Memory Monster
Assembly Time
Ripping It Apart
Taking It Home
Analysis Techniques
Summary
References
Chapter 9. Mobile Platforms
Introduction
Apple iOS Security Model and Overview
References
Chapter 10. Mac OS X Tips and Tricks
Introduction
Web Browser Plugins
Cool OS X Hacks
Conclusion
Index
- Edition: 1
- Latest edition
- Published: November 16, 2012
- Language: English
AG
Alijohn Ghassemlouei
Alijohn Ghassemlouei is a Cyber Security Specialist and Certified Ethical Hacker. In his current position he administers networks Linux/Unix/OS systems in a penetration testing lab, and performs penetration testing attacking a diverse range of classified and unclassified hosts and operating systems. In addition he presents technical demonstrations and briefings to U.S. congressmen, top-level DOE officials, and DOE security conference attendees. As a Black Hat Conference Volunteer he coordinates tasks and delegates responsibilities.
Affiliations and expertise
Cyber Security Specialist and Certified Ethical HackerRB
Robert Bathurst
Rob Bathurst is currently a cyber security researcher and penetration tester focusing on reverse engineering. He has spent over a decade doing vulnerability assessments, programming, and network engineering for the government, military, and private industry. Since his first encounter with Apple DOS at a young age, his eventual mastery of the infuriating System 7, and witnessing the advent of OS X, he has always wanted to know the inner workings of the newest Cupertino magic boxes.
Affiliations and expertise
Cyber Security Researcher and Penetration TesterRR
Russ Rogers
Russ Rogers (CISSP, CISM, IAM, IEM, Hon. Sc.D.), author of the popular "Hacking a Terror Network: The Silent Threat of Covert Channels" (Syngress, ISBN: 978-1-928994-98-5), co-author of multiple books, including the best-selling "Stealing the Network: How to Own a Continent" (Syngress, ISBN: 978-1-931836-05-0) and "Network Security Evaluation Using the NSA IEM" (Syngress, ISBN: 978-1-59749-035-1), and former editor-in-chief of The Security Journal, is currently a penetration tester for a federal agency and the co-founder and chief executive officer of Peak Security, Inc., a veteran-owned small business based in Colorado Springs, CO. Russ has been involved in information technology since 1980 and has spent the past 20 years working as both an IT and InfoSec consultant. Russ has worked with the U.S. Air Force (USAF), National Security Agency (NSA), Defense Information Systems Agency (DISA), and other federal agencies. He is a globally renowned security expert, speaker, and author who has presented at conferences around the world in Amsterdam, Tokyo, Singapore, São Paulo, Abu Dhabi, and cities all over the United States. Russ has an honorary doctorate of science in information technology from the University of Advancing Technology, a master's degree in computer systems management from the University of Maryland, a bachelor of science degree in computer information systems from the University of Maryland, and an associate's degree in applied communications technology from the Community College of the Air Force. He is a member of ISSA and (ISC)2® (CISSP). Russ also teaches at and fills the role of professor of network security for the University of Advancing Technology (www.uat.edu).
Affiliations and expertise
Penetration Tester for a Federal Agency and Co-founder/Chief Executive Officer, Peak Security, Inc.Read The Hacker's Guide to OS X on ScienceDirect