OS X Exploits and Defense

Book description

Contrary to popular belief, there has never been any shortage of Macintosh-related security issues. OS9 had issues that warranted attention. However, due to both ignorance and a lack of research, many of these issues never saw the light of day. No solid techniques were published for executing arbitrary code on OS9, and there are no notable legacy Macintosh exploits. Due to the combined lack of obvious vulnerabilities and accompanying exploits, Macintosh appeared to be a solid platform. Threats to Macintosh's OS X operating system are increasing in sophistication and number. Whether it is the exploitation of an increasing number of holes, the use of rootkits for post-compromise concealment, or distributed denial of service, knowing why the system is vulnerable and understanding how to defend it is critical to computer security.

  • Macintosh OS X Boot Process and Forensic Software: All the power, all the tools, and all the geekery of Linux is present in Mac OS X. Shell scripts, X11 apps, processes, kernel extensions... it's a UNIX platform. Now you can master the boot process and Macintosh forensic software.
  • Look Back Before the Flood and Forward Through the 21st Century Threatscape: Back in the day, a misunderstanding of Macintosh security was more or less industry-wide. Neither the administrators nor the attackers knew much about the platform. Learn from Kevin Finisterre how and why that has all changed!
  • Malicious Macs: Malware and the Mac: As OS X moves further from desktops, laptops, and servers into the world of consumer technology (iPhones, iPods, and so on), what are the implications for the further spread of malware and other security breaches? Find out from David Harley.
  • Malware Detection and the Mac: Understand why the continuing insistence of vociferous Mac zealots that it "can't happen here" is likely to aid OS X exploitation.
  • Mac OS X for Pen Testers: With its BSD roots, super-slick graphical interface, and near-bulletproof reliability, Apple's Mac OS X provides a great platform for pen testing.
  • WarDriving and Wireless Penetration Testing with OS X: Configure and utilize the KisMAC WLAN discovery tool to WarDrive. Next, use the information obtained during a WarDrive to successfully penetrate a customer's wireless network.
  • Leopard and Tiger Evasion: Follow Larry Hernandez through exploitation techniques, tricks, and features of both OS X Tiger and Leopard, using real-world scenarios to explain and demonstrate the concepts behind them.
  • Encryption Technologies and OS X: Apple has come a long way from the bleak days of OS9. There is now a wide array of encryption choices within Mac OS X. Let Gareth Poreus show you what they are.
  • Cuts through the hype with a serious discussion of the security vulnerabilities of the Mac OS X operating system
  • Reveals techniques by which OS X can be "owned"
  • Details procedures to defeat these techniques
  • Offers a sober look at emerging threats and trends

Table of contents

  1. Copyright
  2. Visit us at www.syngress.com
    1. Solutions Web Site
    2. Ultimate CDs
    3. Downloadable E-Books
    4. Syngress Outlet
    5. Site Licensing
    6. Custom Publishing
  3. Technical Editor
  4. Contributing Authors
  5. 1. Macintosh OS X Boot Process and Forensic Software
    1. Introduction
    2. The Boot Process
    3. The Macintosh Boot Process
      1. EFI and BIOS: Similar but Different
        1. Darwin
          1. The OS X Kernel
    4. Macintosh Forensic Software
      1. BlackBag Forensic Suite
        1. Directory Scan
        2. FileSpy
        3. HeaderBuilder
        4. Other Tools
      2. Carbon Copy Cloner
        1. MacDrive6/7
    5. Summary
  6. 2. Past and Current Threats
    1. Before the Flood
    2. The 21st Century Threatscape
      1. Apple Vulnerability/Update Retrospective
      2. Exploit Development and Research
  7. 3. Malicious Macs: Malware and the Mac
    1. Introduction
      1. Taxonomy of Malware
        1. Viruses
        2. Worms
        3. Trojan Horses
        4. Rootkits and Stealthkits
        5. Bots and Botnets
        6. Memetic Malware
    2. Pre-OS X Mac Malware
      1. HyperCard Infectors
      2. Application and System Viruses
      3. Trojans
      4. Macro Malware
      5. Heterogeneous Malware Transmission
      6. Worms: AutoStart and After
    3. OS X and Malware
      1. Case Study–OSX/DNSChanger
        1. Self-launching vs. User-launched
        2. What Does That Mean?
        3. Media Attitudes
        4. Schadenfreude or Armageddon?
      2. Is That It Then?
      3. The Future
        1. Message to the User Community
        2. Message to Apple (and Microsoft!)
        3. Watch and Learn
    4. Summary
    5. Solutions Fast Track
      1. Taxonomy of Malware
      2. Pre-OS X Malware
      3. OS X and Malware
    6. Frequently Asked Questions
  8. 4. Malware Detection and the Mac
    1. Introduction
    2. Safe Out of the Box?
    3. Anti-malware Technology
      1. More About EICAR
      2. Classic Anti-malware Detection Techniques
      3. Signature Scanning
      4. Heuristics Revealed
    4. Anti-Malware Products
      1. Anti-malware Before OS X
        1. Disinfectant
      2. Anti-malware and OS X
        1. avast!
        2. ClamAV
        3. ClamXav
        4. Intego VirusBarrier
        5. MacScan
        6. McAfee Virex/VirusScan for Mac
        7. Sophos
        8. Symantec
    5. Product Testing
    6. Summary
    7. Solutions Fast Track
      1. Safe Out of the Box?
      2. Principles of Anti-Malware Technology
      3. Anti-malware Products
      4. Product Testing
    8. Frequently Asked Questions
  9. 5. Mac OS X for Pen Testers
    1. Introduction
    2. The OS X Command Shell
    3. Compiling and Porting Open Source Software
      1. OS X Developer Tools
      2. Perl
        1. Configuring CPAN
        2. Using CPAN’s Interactive Mode
        3. Using CPAN in Command-line Mode
      3. Installing XWindows
      4. Compiling Programs on Mac OS X
      5. Compiling Versus Porting
      6. Installing Ported Software on Mac OS X
        1. Why Port: A Source Install Gone Bad!
        2. OpenDarwin
        3. Fink
        4. Installing Binary Packages Using apt-get
          1. Installing Source Packages using fink
          2. Installing Source or Binary Packages Using Fink Commander
    4. Using the “Top 75 Security Tools” List
      1. Category: Attack (Network)
      2. Category: Attack (Scanner)
      3. Category: Attack (Web)
      4. Category: Crypto
      5. Category: Defense
      6. Category: Defense / Forensics
      7. Category: Evasion
      8. Category: Footprinting
      9. Category: Monitor (Sniffing)
      10. Category: Multipurpose
      11. Category: Password Cracking
      12. Category: Password Cracking (Remote)
      13. Category: Programming
      14. Category: Scanning
    5. Installing and Using the “Big” Tools
      1. Wireshark
      2. Installing Wireshark on MacOS X from Source
      3. Installing Wireshark on MacOS X Using DarwinPorts
      4. Nessus
    6. Summary
    7. Solutions Fast Track
      1. The OS X Command Shell
      2. Compiling and Porting Open Source Software
      3. Using the “Top 75 Security Tools” List
      4. Other OS X “Must Haves”
    8. Links to Sites
    9. Frequently Asked Questions
  10. 6. WarDriving and Wireless Penetration Testing with OS X
    1. Introduction
    2. WarDriving with KisMAC
      1. Starting KisMAC and Initial Configuration
      2. Configuring the KisMAC Preferences
        1. Scanning Options
        2. Filter Options
        3. Sound Preferences
        4. Traffic
        5. KisMAC Preferences
      3. Mapping WarDrives with KisMAC
        1. Importing a Map
          1. Using a GPS
          2. Ready to Import
      4. WarDriving with KisMAC
        1. Using the KisMAC Interface
          1. The KisMAC Window View Buttons
          2. Additional View Options with KisMAC
    3. Penetration Testing with OS X
      1. Attacking WLAN Encryption with KisMAC
        1. Attacking WEP with KisMAC
        2. Reinjection
      2. Attacking WPA with KisMAC
      3. Other Attacks
        1. Bruteforce Attacks Against 40-bit WEP
        2. Wordlist Attacks
    4. Other OS X Tools for WarDriving and WLAN Testing
    5. Summary
    6. Solutions Fast Track
      1. WarDriving with Kismac
      2. Penetration Testing with OS X
      3. Other OS X Tools for WarDriving and WLAN Testing
    7. Frequently Asked Questions
  11. 7. Security and OS X
    1. Leopard and Tiger Evasion
      1. Application Firewall
        1. iSight Voyeurism
        2. Reliable Local Stack Buffer Overflow Exploitation
        3. dylib (Dynamic Library) Injection and Other Nifty Tricks
        4. Return to dyld Stubs and libSystem for Tiger
    2. Leopard and Address Space Layout Randomization (ASLR)
    3. Month of Apple Bugs
      1. Pressure on Vendors and Effects
      2. Overview of the Outcome
        1. The Beginning: QuickTime RTSP URL Handler Flaw
        2. An iPhoto Photocast XML Format String Vulnerability
        3. The Exploit of the Apes
        4. Apple DMG and Filesystem-related Kernel Vulnerabilities
        5. AppleTalk ATPsndrsp( ) Heap Buffer Overflow Vulnerability
      3. A mDNSResponder in Scarlet
        1. The First Flaw: 1990 Style Stack Buffer Overflows Rock
        2. The Second Flaw: When You Go Beyond the Limits
        3. Abusing the mDNSResponder for Remote Root Profit
  12. 8. Encryption Technologies and OS X
    1. Introduction: OS9 to OS X
    2. OS X Security and Encryption: Encryption Within OS X
      1. The System Keychain
      2. Better Keychain Security
    3. OS X Security and Encryption: OS X Password Encryption
      1. Symmetric Ciphers
      2. Asymmetric Ciphers
      3. Hashes
      4. Password Cracking
      5. Shadows and DES
      6. SHA-1
      7. Windows LAN Manager
      8. Salt and Rainbow Tables
      9. Disk Images and Secure Virtual Disks
        1. FileVault and Encrypted DMG Files
        2. AES
        3. FileVault
        4. Plaintext Memory
        5. Insecure Hardware
        6. Firewire DMA
        7. Patching DMA
        8. Alternative RAM Attacks
        9. Alternative Encryption Systems
      10. Wireless Encryption
        1. WEP
        2. Initialization Vectors
        3. WEP Threats
        4. Wi-Fi Protected Access (WPA)
        5. WPA Threats
        6. Entropy, Passwords, and WPA
      11. Secure Communication
        1. Secure Socket Layer
        2. Diffie and Hellman, Public Key Exchange
        3. Man in the Middle
        4. Certificate Authorities
        5. Secure Communications: Summary of Suggestions
      12. Secure Shell and Tunneling
        1. Open Source Efforts
        2. SSH
        3. SSHD
      13. VPN Encryption
        1. VPN
        2. PPTP, L2TP, and OPENVPN
        3. IPsec
        4. IPv6
    4. Summary
    5. References

Product information

  • Title: OS X Exploits and Defense
  • Author(s): Chris Hurley, Johnny Long, David Harley, Paul Baccas, Kevin Finisterre, Larry H., Gary Porteus
  • Release date: April 2011
  • Publisher(s): Syngress
  • ISBN: 9780080558769