SlideShare una empresa de Scribd logo

0-Day Up Your Sleeve - Attacking macOS Environments

SecuRing
SecuRing

This document summarizes a talk about attacking MacOS environments. It discusses setting up command and control with Mythic, initial access techniques like using Microsoft Word macros and 0-day exploits, persistence methods like login items and launch agents, collecting data like AD credentials, browser cookies and files using techniques like bypassing transparency consent and control protections, and hardening MacOS environments through enrollment in MDM and security policy enforcement. Examples of collecting OpenVPN credentials, NoMAD credentials storing in the keychain, bypassing Firefox password encryption, and accessing cloud credentials in the home directory are provided.

Tecnología
1 de 58
Descargar para leer sin conexión
0-day up your sleeve AT TA C K I N G M A C O S E N V I R O N M E N T S
Whoami? Wojciech Reguła Head of Mobile Security at • Focused on iOS/macOS #appsec • Blogger – h8ps:/ /wojciechregula.blog • iOS Security Suite Creator • macOS environments security
Agenda 1. Introduction 2. Macs in corporate environments 3. Setting up a C2 with Mythic 4. Initial access 5. Persistence 6. Data collection & Lateral movement 7. Hardening macOS environments 8. Conclusion
🙋‍ Raise your hand if: There is at least one Mac in your company
🙋‍ Raise your hand if: This Mac has access to your company’s resources like other Windows machines
Why did I decide to make this talk? 1. Macs are geHng more common in corporate environments (developers, UX, designers, managers, etc.) 2. SoNware houses / IT companies have large % of Macs in their environments 3. Macs are not symmetrically secured comparing them to Windows machines…
What are the problems? ☠ Old, vulnerable macOS versions everywhere ⚙ MacOS system firewall disabled (default configura<on) 🤔 An<malware? Do Macs have viruses? 👩💻‍‍ Standard users working on admin accounts 🗒 Lack of applica<on whitelis<ng 🖥 In mid-size companies Macs are not even enrolled in MDMs…
Macs in corporate environments Mac is directly bound to the AD
Macs in corporate environments Mac has NoMAD installed that handles Kerberos
Macs in corporate environments Mac uses SSO, there is no AD
ADFS SSO NON-SSO Desktop and other TCC-protected directories Target for this talk
ü Great red teaming framework with macOS support ü Created by Cody Thomas @its_a_feature_ ü Open source - hMps:/ /github.com/its-a-feature/Mythic ü Extensive docs - hMps:/ /docs.mythic-c2.net/
h0ps:/ /vimeo.com/751596706
Initial access - problems 1. According to Apple all the soNware downloaded directly with your browser must be notarized
Initial access - problems 2. NotarizaZon will check if the soNware doesn’t contain malicious components
Initial access - problems 3. If you don’t notarize your app macOS will block it.
Ini=al access – solu=ons for the problems 1. We can create a legit pkg file, notarize it and risk our cer<ficate to be revoked by Apple
Initial access – solutions for the problems 2. We can convince user to right click and open the app. It’s a popular technique used by malware
Initial access – solutions for the problems 3. We can bypass the GateKeeper using a 0-day
Initial access – solutions for the problems 4. Use Microsoft Office Macro.
Ini=al access with a MicrosoA Word Macro
Ini=al access with a MicrosoA Word Macro
Initial access with a Microsoft Word Macro • Madhav Bhab shared a cool technique to escape the Word’s sandbox. However, it requires users to reboot their Macs.
…but we have our own 0-days 😈 Presenting : macOS sandbox escape vulnerability
h0ps:/ /vimeo.com/751596839
Persistence Typical macOS persistence techniques: • Launch Agents • Launch Daemons • Login Items • Cron Jobs • Login/Logout Hooks • Authorization Plugins • … and tons of others -> https://theevilbit.github.io/beyond/
h0ps:/ /vimeo.com/751596910
h0ps:/ /vimeo.com/751597017
Persistence – macOS Ventura update
ADFS SSO NON-SSO Desktop and other TCC-protected directories Target for this talk
Data Collection We’re interested in: • VPN credenZals • AD credenZals (NoMAD) • Signal messages • Browser cookies • Keychain entries • AWS / other cloud keys • Desktop/Documents files
Data Collec=on - OpenVPN
Data Collection - OpenVPN
Data Collec=on – OpenVPN • You can use my universal app Keylogger • https://gist.github.com/r3ggi/26f38e6439d96474491432621f2237c0
Data Collec=on - OpenVPN
ADFS SSO NON-SSO Desktop and other TCC-protected directories Target for this talk
Data Collection – AD Credentials (NoMAD) • NoMAD saves your AD credenZals in MacOS Keychain. • The Keychain has a flaw that allows geHng entries from it without any prompt / root access / user’s password • hbps:/ /wojciechregula.blog/post/stealing-macos-apps-keychain-entries/
Data Collection – AD Credentials (NoMAD) • I open-sourced a NoMADCredenZalsStealer tool as a part of my #macOSRedTeamingTricks series • hbps:/ /github.com/r3ggi/NoMADCredenZalsStealer/
ADFS SSO NON-SSO Desktop and other TCC-protected directories Target for this talk
Data Collection – Signal messages
ADFS SSO NON-SSO Desktop and other TCC-protected directories Target for this talk
Data Collection – Firefox saved passwords • Firefox stores saved logins & passwords in an encrypted form • If master password is not set (default configuraZon) the saved credenZals can be dumped without root • hbps:/ /github.com/unode/firefox_decrypt
h0ps:/ /vimeo.com/751597088
ADFS SSO NON-SSO Desktop and other TCC-protected directories Target for this talk
Data Collection – flat files and problems with TCC
Transparency, Consent and Control (TCC)
h0ps:/ /vimeo.com/751597122
Data Collec=on – flat files and problems with TCC • Accessing Desktop/Documents/Microphone and other sensitive resources will spawn a prompt • But there are tons of TCC bypasses • Black Hat Talk: 20+ Ways to Bypass Your macOS Privacy Mechanisms • We can abuse other apps installed on the device and use their TCC permissions.
Data Collec=on – flat files and problems with TCC
…we have our own vulnerabilities #2 😈 Presenting : a TCC bypass
Data Collec=on – flat files and problems with TCC
https://vimeo.com/751597193
Data Collection & Lateral Movement • Another good news for red teamers – cloud credenZals are stored in ~ • Home directory isn’t TCC-protected! ~/.ssh ~/.aws ~/.azure ~/.config/gcloud
ADFS SSO NON-SSO Desktop and other TCC-protected directories Target for this talk
Hardening macOS environments At least: 1. Enroll your company’s Macs to MDM (eg. JAMF, Intune) 2. Keep them updated 3. Enforce security policies (SIP, Firewall, GateKeeper, Filevault etc) 4. Disable Office macros (if possible in your organization) 5. Install an anti-malware solution 6. Monitor your Macs
h"ps://www.securing.pl/en/service/infrastructure-security-tes7ng/mac- environments-tes7ng/
Summing up
Wojciech Reguła Head of Mobile Security at SecuRing @_r3ggi wojciech-regula Thank you!

Recomendados

Code obfuscation theory and practices
Code obfuscation theory and practicesCode obfuscation theory and practices
Code obfuscation theory and practices
nlog2n
 
iOS Application Penetration Testing for Beginners
iOS Application Penetration Testing for BeginnersiOS Application Penetration Testing for Beginners
iOS Application Penetration Testing for Beginners
RyanISI
 
Des lecture
Des lectureDes lecture
Des lecture
ANIKET UTTAM
 
Pwning mobile apps without root or jailbreak
Pwning mobile apps without root or jailbreakPwning mobile apps without root or jailbreak
Pwning mobile apps without root or jailbreak
Abraham Aranguren
 
Android Development with Kotlin course
Android Development with Kotlin courseAndroid Development with Kotlin course
Android Development with Kotlin course
GoogleDevelopersLeba
 
Computer Security Lecture 2: Classical Encryption Techniques 1
Computer Security Lecture 2: Classical Encryption Techniques 1Computer Security Lecture 2: Classical Encryption Techniques 1
Computer Security Lecture 2: Classical Encryption Techniques 1
Mohamed Loey
 
Xilkernel
XilkernelXilkernel
Xilkernel
Vincent Claes
 
Triton and Symbolic execution on GDB@DEF CON China
Triton and Symbolic execution on GDB@DEF CON ChinaTriton and Symbolic execution on GDB@DEF CON China
Triton and Symbolic execution on GDB@DEF CON China
Wei-Bo Chen
 

Recomendados

Code obfuscation theory and practices
Code obfuscation theory and practicesCode obfuscation theory and practices
Code obfuscation theory and practices
nlog2n
 
iOS Application Penetration Testing for Beginners
iOS Application Penetration Testing for BeginnersiOS Application Penetration Testing for Beginners
iOS Application Penetration Testing for Beginners
RyanISI
 
Des lecture
Des lectureDes lecture
Des lecture
ANIKET UTTAM
 
Pwning mobile apps without root or jailbreak
Pwning mobile apps without root or jailbreakPwning mobile apps without root or jailbreak
Pwning mobile apps without root or jailbreak
Abraham Aranguren
 
Android Development with Kotlin course
Android Development with Kotlin courseAndroid Development with Kotlin course
Android Development with Kotlin course
GoogleDevelopersLeba
 
Computer Security Lecture 2: Classical Encryption Techniques 1
Computer Security Lecture 2: Classical Encryption Techniques 1Computer Security Lecture 2: Classical Encryption Techniques 1
Computer Security Lecture 2: Classical Encryption Techniques 1
Mohamed Loey
 
Xilkernel
XilkernelXilkernel
Xilkernel
Vincent Claes
 
Triton and Symbolic execution on GDB@DEF CON China
Triton and Symbolic execution on GDB@DEF CON ChinaTriton and Symbolic execution on GDB@DEF CON China
Triton and Symbolic execution on GDB@DEF CON China
Wei-Bo Chen
 
Ready player 2 Multiplayer Red Teaming Against macOS
Ready player 2 Multiplayer Red Teaming Against macOSReady player 2 Multiplayer Red Teaming Against macOS
Ready player 2 Multiplayer Red Teaming Against macOS
Cody Thomas
 
DBI-Assisted Android Application Reverse Engineering
DBI-Assisted Android Application Reverse EngineeringDBI-Assisted Android Application Reverse Engineering
DBI-Assisted Android Application Reverse Engineering
Sahil Dhar
 
Valgrind tutorial
Valgrind tutorialValgrind tutorial
Valgrind tutorial
Satabdi Das
 
What's in a Jailbreak? - BSides 2019 keynote
What's in a Jailbreak? - BSides 2019 keynoteWhat's in a Jailbreak? - BSides 2019 keynote
What's in a Jailbreak? - BSides 2019 keynote
MarkDowd13
 
Red Team Revenge - Attacking Microsoft ATA
Red Team Revenge - Attacking Microsoft ATARed Team Revenge - Attacking Microsoft ATA
Red Team Revenge - Attacking Microsoft ATA
Nikhil Mittal
 
iOS Application Pentesting
iOS Application PentestingiOS Application Pentesting
iOS Application Pentesting
n|u - The Open Security Community
 
Java Shellcode Execution
Java Shellcode ExecutionJava Shellcode Execution
Java Shellcode Execution
Ryan Wincey
 
20+ ways to bypass your mac os privacy mechanisms
20+ ways to bypass your mac os privacy mechanisms20+ ways to bypass your mac os privacy mechanisms
20+ ways to bypass your mac os privacy mechanisms
Csaba Fitzl
 
Valgrind
ValgrindValgrind
Valgrind
aidanshribman
 
Live Memory Forensics on Android devices
Live Memory Forensics on Android devicesLive Memory Forensics on Android devices
Live Memory Forensics on Android devices
Nikos Gkogkos
 
CNIT 126: 10: Kernel Debugging with WinDbg
CNIT 126: 10: Kernel Debugging with WinDbgCNIT 126: 10: Kernel Debugging with WinDbg
CNIT 126: 10: Kernel Debugging with WinDbg
Sam Bowne
 
Exploiting XPC in AntiVirus
Exploiting XPC in AntiVirusExploiting XPC in AntiVirus
Exploiting XPC in AntiVirus
Csaba Fitzl
 
Integrated Register Allocation introduction
Integrated Register Allocation introductionIntegrated Register Allocation introduction
Integrated Register Allocation introduction
Shiva Chen
 
Practical Malware Analysis: Ch 7: Analyzing Malicious Windows Programs
Practical Malware Analysis: Ch 7: Analyzing Malicious Windows Programs Practical Malware Analysis: Ch 7: Analyzing Malicious Windows Programs
Practical Malware Analysis: Ch 7: Analyzing Malicious Windows Programs
Sam Bowne
 
A brief introduction to SQLite PPT
A brief introduction to SQLite PPTA brief introduction to SQLite PPT
A brief introduction to SQLite PPT
JavaTpoint
 
Advanced SQL - Database Access from Programming Languages
Advanced SQL - Database Access from Programming LanguagesAdvanced SQL - Database Access from Programming Languages
Advanced SQL - Database Access from Programming Languages
S.Shayan Daneshvar
 
OWASP Melbourne - Introduction to iOS Application Penetration Testing
OWASP Melbourne - Introduction to iOS Application Penetration TestingOWASP Melbourne - Introduction to iOS Application Penetration Testing
OWASP Melbourne - Introduction to iOS Application Penetration Testing
eightbit
 
The linux networking architecture
The linux networking architectureThe linux networking architecture
The linux networking architecture
hugo lu
 
iOS Application Security
iOS Application SecurityiOS Application Security
iOS Application Security
Egor Tolstoy
 
Linux Network Stack
Linux Network StackLinux Network Stack
Linux Network Stack
Adrien Mahieux
 
Software Security : From school to reality and back!
Software Security : From school to reality and back!Software Security : From school to reality and back!
Software Security : From school to reality and back!
Peter Hlavaty
 
From velvet to silk there is still a lot of sweat
From velvet to silk there is still a lot of sweatFrom velvet to silk there is still a lot of sweat
From velvet to silk there is still a lot of sweat
Stefano Maccaglia
 

Más contenido relacionado

La actualidad más candente

Java Shellcode Execution
Java Shellcode ExecutionJava Shellcode Execution
Java Shellcode Execution
Ryan Wincey
 
20+ ways to bypass your mac os privacy mechanisms
20+ ways to bypass your mac os privacy mechanisms20+ ways to bypass your mac os privacy mechanisms
20+ ways to bypass your mac os privacy mechanisms
Csaba Fitzl
 
OWASP Melbourne - Introduction to iOS Application Penetration Testing
OWASP Melbourne - Introduction to iOS Application Penetration TestingOWASP Melbourne - Introduction to iOS Application Penetration Testing
OWASP Melbourne - Introduction to iOS Application Penetration Testing
eightbit
 
The linux networking architecture
The linux networking architectureThe linux networking architecture
The linux networking architecture
hugo lu
 

La actualidad más candente (20)

Ready player 2 Multiplayer Red Teaming Against macOS
Ready player 2 Multiplayer Red Teaming Against macOSReady player 2 Multiplayer Red Teaming Against macOS
Ready player 2 Multiplayer Red Teaming Against macOS
 
DBI-Assisted Android Application Reverse Engineering
DBI-Assisted Android Application Reverse EngineeringDBI-Assisted Android Application Reverse Engineering
DBI-Assisted Android Application Reverse Engineering
 
Valgrind tutorial
Valgrind tutorialValgrind tutorial
Valgrind tutorial
 
What's in a Jailbreak? - BSides 2019 keynote
What's in a Jailbreak? - BSides 2019 keynoteWhat's in a Jailbreak? - BSides 2019 keynote
What's in a Jailbreak? - BSides 2019 keynote
 
Red Team Revenge - Attacking Microsoft ATA
Red Team Revenge - Attacking Microsoft ATARed Team Revenge - Attacking Microsoft ATA
Red Team Revenge - Attacking Microsoft ATA
 
iOS Application Pentesting
iOS Application PentestingiOS Application Pentesting
iOS Application Pentesting
 
Java Shellcode Execution
Java Shellcode ExecutionJava Shellcode Execution
Java Shellcode Execution
 
20+ ways to bypass your mac os privacy mechanisms
20+ ways to bypass your mac os privacy mechanisms20+ ways to bypass your mac os privacy mechanisms
20+ ways to bypass your mac os privacy mechanisms
 
Valgrind
ValgrindValgrind
Valgrind
 
Live Memory Forensics on Android devices
Live Memory Forensics on Android devicesLive Memory Forensics on Android devices
Live Memory Forensics on Android devices
 
CNIT 126: 10: Kernel Debugging with WinDbg
CNIT 126: 10: Kernel Debugging with WinDbgCNIT 126: 10: Kernel Debugging with WinDbg
CNIT 126: 10: Kernel Debugging with WinDbg
 
Exploiting XPC in AntiVirus
Exploiting XPC in AntiVirusExploiting XPC in AntiVirus
Exploiting XPC in AntiVirus
 
Integrated Register Allocation introduction
Integrated Register Allocation introductionIntegrated Register Allocation introduction
Integrated Register Allocation introduction
 
Practical Malware Analysis: Ch 7: Analyzing Malicious Windows Programs
Practical Malware Analysis: Ch 7: Analyzing Malicious Windows Programs Practical Malware Analysis: Ch 7: Analyzing Malicious Windows Programs
Practical Malware Analysis: Ch 7: Analyzing Malicious Windows Programs
 
A brief introduction to SQLite PPT
A brief introduction to SQLite PPTA brief introduction to SQLite PPT
A brief introduction to SQLite PPT
 
Advanced SQL - Database Access from Programming Languages
Advanced SQL - Database Access from Programming LanguagesAdvanced SQL - Database Access from Programming Languages
Advanced SQL - Database Access from Programming Languages
 
OWASP Melbourne - Introduction to iOS Application Penetration Testing
OWASP Melbourne - Introduction to iOS Application Penetration TestingOWASP Melbourne - Introduction to iOS Application Penetration Testing
OWASP Melbourne - Introduction to iOS Application Penetration Testing
 
The linux networking architecture
The linux networking architectureThe linux networking architecture
The linux networking architecture
 
iOS Application Security
iOS Application SecurityiOS Application Security
iOS Application Security
 
Linux Network Stack
Linux Network StackLinux Network Stack
Linux Network Stack
 

Similar a 0-Day Up Your Sleeve - Attacking macOS Environments

DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
Chris Gates
 
Building your macOS Baseline Requirements MacadUK 2018
Building your macOS Baseline Requirements MacadUK 2018Building your macOS Baseline Requirements MacadUK 2018
Building your macOS Baseline Requirements MacadUK 2018
Henry Stamerjohann
 
Tools and Process for Streamlining Mac Deployment
Tools and Process for Streamlining Mac DeploymentTools and Process for Streamlining Mac Deployment
Tools and Process for Streamlining Mac Deployment
Timothy Sutton
 
Defining DevSecOps
Defining DevSecOpsDefining DevSecOps
Defining DevSecOps
Uchit Vyas ☁
 
20+ Ways to Bypass Your macOS Privacy Mechanisms
20+ Ways to Bypass Your macOS Privacy Mechanisms20+ Ways to Bypass Your macOS Privacy Mechanisms
20+ Ways to Bypass Your macOS Privacy Mechanisms
SecuRing
 
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
Avansa Mid- en Zuidwest
 
ethical-hacking-18092013112412-ethical-hacking.ppt
ethical-hacking-18092013112412-ethical-hacking.pptethical-hacking-18092013112412-ethical-hacking.ppt
ethical-hacking-18092013112412-ethical-hacking.ppt
ricagip499
 

Similar a 0-Day Up Your Sleeve - Attacking macOS Environments (20)

Software Security : From school to reality and back!
Software Security : From school to reality and back!Software Security : From school to reality and back!
Software Security : From school to reality and back!
 
From velvet to silk there is still a lot of sweat
From velvet to silk there is still a lot of sweatFrom velvet to silk there is still a lot of sweat
From velvet to silk there is still a lot of sweat
 
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
DevOops Redux Ken Johnson Chris Gates - AppSec USA 2016
 
Building your macOS Baseline Requirements MacadUK 2018
Building your macOS Baseline Requirements MacadUK 2018Building your macOS Baseline Requirements MacadUK 2018
Building your macOS Baseline Requirements MacadUK 2018
 
Tools and Process for Streamlining Mac Deployment
Tools and Process for Streamlining Mac DeploymentTools and Process for Streamlining Mac Deployment
Tools and Process for Streamlining Mac Deployment
 
App locker
App lockerApp locker
App locker
 
Defining DevSecOps
Defining DevSecOpsDefining DevSecOps
Defining DevSecOps
 
20+ Ways to Bypass Your macOS Privacy Mechanisms
20+ Ways to Bypass Your macOS Privacy Mechanisms20+ Ways to Bypass Your macOS Privacy Mechanisms
20+ Ways to Bypass Your macOS Privacy Mechanisms
 
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
OpenTechTalks: Ethical hacking with Kali Linux (Tijl Deneut, UGent)
 
Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)Metasploitation part-1 (murtuja)
Metasploitation part-1 (murtuja)
 
IANS information security forum 2019 summary
IANS information security forum 2019 summaryIANS information security forum 2019 summary
IANS information security forum 2019 summary
 
Derby con 2014
Derby con 2014Derby con 2014
Derby con 2014
 
ethical-hacking-18092013112412-ethical-hacking.ppt
ethical-hacking-18092013112412-ethical-hacking.pptethical-hacking-18092013112412-ethical-hacking.ppt
ethical-hacking-18092013112412-ethical-hacking.ppt
 
Ch11
Ch11Ch11
Ch11
 
Ch11 system administration
Ch11 system administration Ch11 system administration
Ch11 system administration
 
Machine learning in cybersecutiry
Machine learning in cybersecutiryMachine learning in cybersecutiry
Machine learning in cybersecutiry
 
DEF CON 27 - workshop - RICHARD GOLD - mind the gap
DEF CON 27 - workshop - RICHARD GOLD - mind the gapDEF CON 27 - workshop - RICHARD GOLD - mind the gap
DEF CON 27 - workshop - RICHARD GOLD - mind the gap
 
Technologies for startup
Technologies for startupTechnologies for startup
Technologies for startup
 
System hardening - OS and Application
System hardening - OS and ApplicationSystem hardening - OS and Application
System hardening - OS and Application
 
Mwlug2014 - IBM Connections Security and Migration
Mwlug2014 - IBM Connections Security and MigrationMwlug2014 - IBM Connections Security and Migration
Mwlug2014 - IBM Connections Security and Migration
 

Más de SecuRing

Developer in a digital crosshair, 2023 edition - 4Developers
Developer in a digital crosshair, 2023 edition - 4DevelopersDeveloper in a digital crosshair, 2023 edition - 4Developers
Developer in a digital crosshair, 2023 edition - 4Developers
SecuRing
 
Is persistency on serverless even possible?!
Is persistency on serverless even possible?!Is persistency on serverless even possible?!
Is persistency on serverless even possible?!
SecuRing
 
What happens on your Mac, stays on Apple’s iCloud?!
What happens on your Mac, stays on Apple’s iCloud?!What happens on your Mac, stays on Apple’s iCloud?!
What happens on your Mac, stays on Apple’s iCloud?!
SecuRing
 
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standardsWebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards
SecuRing
 
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standardsWebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards
SecuRing
 
Attacking AWS: the full cyber kill chain
Attacking AWS: the full cyber kill chainAttacking AWS: the full cyber kill chain
Attacking AWS: the full cyber kill chain
SecuRing
 
Web Apps vs Blockchain dApps (Smart Contracts): tools, vulns and standards
Web Apps vs Blockchain dApps (Smart Contracts): tools, vulns and standardsWeb Apps vs Blockchain dApps (Smart Contracts): tools, vulns and standards
Web Apps vs Blockchain dApps (Smart Contracts): tools, vulns and standards
SecuRing
 
We need t go deeper - Testing inception apps.
We need t go deeper - Testing inception apps.We need t go deeper - Testing inception apps.
We need t go deeper - Testing inception apps.
SecuRing
 
Artificial Intelligence – a buzzword, new era of IT or new threats?
Artificial Intelligence – a buzzword, new era of IT or new threats?Artificial Intelligence – a buzzword, new era of IT or new threats?
Artificial Intelligence – a buzzword, new era of IT or new threats?
SecuRing
 

Más de SecuRing (20)

Developer in a digital crosshair, 2023 edition - 4Developers
Developer in a digital crosshair, 2023 edition - 4DevelopersDeveloper in a digital crosshair, 2023 edition - 4Developers
Developer in a digital crosshair, 2023 edition - 4Developers
 
Developer in a digital crosshair, 2022 edition - Oh My H@ck!
Developer in a digital crosshair, 2022 edition - Oh My H@ck!Developer in a digital crosshair, 2022 edition - Oh My H@ck!
Developer in a digital crosshair, 2022 edition - Oh My H@ck!
 
Developer in a digital crosshair, 2022 edition - No cON Name
Developer in a digital crosshair, 2022 edition - No cON NameDeveloper in a digital crosshair, 2022 edition - No cON Name
Developer in a digital crosshair, 2022 edition - No cON Name
 
Is persistency on serverless even possible?!
Is persistency on serverless even possible?!Is persistency on serverless even possible?!
Is persistency on serverless even possible?!
 
What happens on your Mac, stays on Apple’s iCloud?!
What happens on your Mac, stays on Apple’s iCloud?!What happens on your Mac, stays on Apple’s iCloud?!
What happens on your Mac, stays on Apple’s iCloud?!
 
Developer in a digital crosshair, 2022 edition
Developer in a digital crosshair, 2022 editionDeveloper in a digital crosshair, 2022 edition
Developer in a digital crosshair, 2022 edition
 
20+ Ways To Bypass Your Macos Privacy Mechanisms
20+ Ways To Bypass Your Macos Privacy Mechanisms20+ Ways To Bypass Your Macos Privacy Mechanisms
20+ Ways To Bypass Your Macos Privacy Mechanisms
 
How secure are webinar platforms?
How secure are webinar platforms?How secure are webinar platforms?
How secure are webinar platforms?
 
Serverless security: attack & defense
Serverless security: attack & defense Serverless security: attack & defense
Serverless security: attack & defense
 
Abusing & Securing XPC in macOS apps
Abusing & Securing XPC in macOS appsAbusing & Securing XPC in macOS apps
Abusing & Securing XPC in macOS apps
 
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standardsWebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards
 
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standardsWebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards
WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards
 
Let's get evil - threat modeling at scale
Let's get evil - threat modeling at scaleLet's get evil - threat modeling at scale
Let's get evil - threat modeling at scale
 
Attacking AWS: the full cyber kill chain
Attacking AWS: the full cyber kill chainAttacking AWS: the full cyber kill chain
Attacking AWS: the full cyber kill chain
 
Web Apps vs Blockchain dApps (Smart Contracts): tools, vulns and standards
Web Apps vs Blockchain dApps (Smart Contracts): tools, vulns and standardsWeb Apps vs Blockchain dApps (Smart Contracts): tools, vulns and standards
Web Apps vs Blockchain dApps (Smart Contracts): tools, vulns and standards
 
Budowanie i hakowanie nowoczesnych aplikacji iOS
Budowanie i hakowanie nowoczesnych aplikacji iOSBudowanie i hakowanie nowoczesnych aplikacji iOS
Budowanie i hakowanie nowoczesnych aplikacji iOS
 
We need t go deeper - Testing inception apps.
We need t go deeper - Testing inception apps.We need t go deeper - Testing inception apps.
We need t go deeper - Testing inception apps.
 
Building & Hacking Modern iOS Apps
Building & Hacking Modern iOS AppsBuilding & Hacking Modern iOS Apps
Building & Hacking Modern iOS Apps
 
Artificial Intelligence – a buzzword, new era of IT or new threats?
Artificial Intelligence – a buzzword, new era of IT or new threats?Artificial Intelligence – a buzzword, new era of IT or new threats?
Artificial Intelligence – a buzzword, new era of IT or new threats?
 
Building&Hacking modern iOS apps
Building&Hacking modern iOS appsBuilding&Hacking modern iOS apps
Building&Hacking modern iOS apps
 

Último

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
UK Journal
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
Delhi Call girls
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
sammart93
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
Earley Information Science
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
Enterprise Knowledge
 

Último (20)

Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 

0-Day Up Your Sleeve - Attacking macOS Environments