The Mac Hacker's Handbook
(Language: English)
Book
27.20 €
Product information for "The Mac Hacker's Handbook"
As more and more vulnerabilities are found in the Mac OS X (Leopard) operating system, security researchers are realizing the importance of developing proof of concept exploits for those vulnerabilities. This unique tome is the first book to uncover the flaws in the Mac OS X operating system and how to deal with them.
Blurb for "The Mac Hacker's Handbook"
The honeymoon is over. Prepare yourself to thwart Mac attacks.
Where security is concerned, Macs have long led a charmed existence. No more. If you manage security for a network that includes OS X machines, this update on the strengths and weaknesses of Mac OS X is required reading.
Beginning with the core differences between Mac OS X and Windows or Linux, this book follows the steps an attacker would take. You will learn the tools needed to find vulnerabilities, the techniques used to exploit them, and the means by which attackers maintain control once they gain access. When you know how they get in, you'll know how to keep them out.
- See what makes Mac OS® X unique, what security improvements were added with Leopard®, and where vulnerabilities lie
- Explore uncommon protocols: Bonjour®, the QuickTime® file format, and RTSP
- Look for bugs in Apple's source code or use a black box technique such as fuzzing
- Examine stack overflow and heap overflow attacks directed at PowerPC and x86 architectures, as well as shellcodes and payloads
- Learn to inject code into running processes and how attackers use this technique
- Understand Mac OS X-specific rootkit techniques
Table of contents for "The Mac Hacker's Handbook"
Foreword
Introduction
Part I Mac OS X Basics
Chapter 1 Mac OS X Architecture
Basics
XNU
Mach
BSD
I/O Kit
Darwin and Friends
Tools of the Trade
Ktrace/DTrace
Objective-C
Universal Binaries and the Mach-O File Format
Universal Binaries
Mach-O File Format
Example
Bundles
launchd
Leopard Security
Library Randomization
Executable Heap
Stack Protection (propolice)
Firewall
Sandboxing (Seatbelt)
References
Chapter 2 Mac OS X Parlance
Bonjour!
Get an IP Address
Set Up Name Translation
Service Discovery
Bonjour
mDNSResponder
Source Code
QuickTime
.mov
RTSP
Conclusion
References
Chapter 3 Attack Surface
Searching the Server Side
Nonstandard Listening Processes
Cutting into the Client Side
Safari
All of Safari's Children
Safe File Types
Having Your Cake
Conclusion
References
Part II Discovering Vulnerabilities
Chapter 4 Tracing and Debugging
Pathetic ptrace
Good Ol' GDB
DTrace
D Programming Language
Describing Probes
Example: Using Dtrace
Example: Using ltrace
Example: Instruction Tracer/Code-Coverage Monitor
Example: Memory Tracer
PyDbg
PyDbg Basics
Memory Searching
In-Memory Fuzzing
Binary Code Coverage with Pai Mei
iTunes Hates You
Conclusion
References
Chapter 5 Finding Bugs
Bug-Hunting Strategies
Old-School Source-Code Analysis
Getting to the Source
Code Coverage
CanSecWest 2008 Bug
vi + Changelog = Leopard 0-day
Apple's Prerelease-Vulnerability Collection
Fuzz Fun
Network Fuzzing
File Fuzzing
Conclusion
References
Chapter 6 Reverse Engineering
Disassembly Oddities
EIP-Relative Data Addressing
Messed-Up Jump Tables
Identifying Missed Functions
Reversing Obj-C
Cleaning Up Obj-C
Shedding Light on objc_msgSend Calls
Case Study
Patching Binaries
Conclusion
References
Part III Exploitation
Chapter 7 Exploiting Stack Overflows
Stack Basics
Stack Usage on PowerPC
Stack Usage on x86
Smashing the Stack on PowerPC
Smashing the Stack on x86
Exploiting the x86 Nonexecutable Stack
Return into system()
Executing the Payload from the Heap
Finding Useful Instruction Sequences
PowerPC
x86
Conclusion
References
Chapter 8 Exploiting Heap Overflows
The Heap
The Scalable Zone Allocator
Regions
Freeing and Allocating Memory
Overwriting Heap Metadata
Arbitrary 4-Byte Overwrite
Large Arbitrary Memory Overwrite
Obtaining Code Execution
Taming the Heap with Feng Shui
Fill 'Er Up
Feng Shui
WebKit's JavaScript
Case Study
Feng Shui Example
Heap Spray
References
Chapter 9 Exploit Payloads
Mac OS X Exploit Payload Development
Restoring Privileges
Forking a New Process
Executing a Shell
Encoders and Decoders
Staged Payload Execution
Payload Components
PowerPC Exploit Payload
execve_binsh
system
decode_longxor
tcp_listen
tcp_connect
tcp_find
dup2_std_fds
vfork
Testing Simple Components
Putting Together Simple Payloads
Intel x86 Exploit Payloads
remote_execution_loop
inject_bundle
Testing Complex Components
Conclusion
References
Chapter 10 Real-World Exploits
QuickTime RTSP Content-Type Header Overflow
Triggering the Vulnerability
Exploitation on PowerPC
Exploitation on x86
mDNSResponder UPnP Location Header Overflow
Triggering the Vulnerability
Exploiting the Vulnerability
Exploiting on PowerPC
QuickTime QTJava toQTPointer() Memory Access
Exploiting toQTPointer()
Obtaining Code Execution
Conclusion
References
Part IV Post-Exploitation
Chapter 11 Injecting, Hooking, and Swizzling
Introduction to Mach
Mach Abstractions
Mach Security Model
Mach Exceptions
Mach Injection
Remote Threads
Remote Process Memory
Loading a Dynamic Library or Bundle
Inject-Bundle Usage
Example: iSight Photo Capture
Function Hooking
Example: SSLSpy
Objective-C Method Swizzling
Example: iChat Spy
Conclusion
References
Chapter 12 Rootkits
Kernel Extensions
Hello Kernel
System Calls
Hiding Files
Hiding the Rootkit
Maintaining Access across Reboots
Controlling the Rootkit
Creating the RPC Server
Injecting Kernel RPC Servers
Calling the Kernel RPC Server
Remote Access
Hardware-Virtualization Rootkits
Hyperjacking
Rootkit Hypervisor
Conclusion
References
Index
Author portrait of Charlie Miller, Dino Dai Zovi
Charlie Miller won the second CanSecWest Pwn2Own contest in 2008 and was named one of the Top 10 Computer Hackers of 2008 by Popular Mechanics. Dino Dai Zovi won the first CanSecWest Pwn2Own contest in 2007 and was named one of the 15 Most Influential People in Security by eWEEK.
Bibliographic details
- Authors: Charlie Miller, Dino Dai Zovi
- 2009, 1st edition, XVI, 368 pages, with black-and-white illustrations, with illustrations, dimensions: 23.4 cm, paperback, English
- Publisher: Wiley & Sons
- ISBN-10: 0470395362
- ISBN-13: 9780470395363
Language: English