A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Attacking OSX for fun and profit: Toolset Limitations, Frustration and Table Flipping - Viss (Tentler) (Circle City Con 2016 Videos) (Hacking Illustrated Series InfoSec Tutorial Videos)

Attacking OSX for fun and profit: Toolset Limitations, Frustration and Table Flipping
Viss (Tentler)

Circle City Con 2016

I was approached by Fusion to be part of their Real Future, documentary - specifically, and I quote, to see how badly I could fuck his life up, while having control of his laptop,. They wanted me to approach this scenario from how a typical attacker would see it. This journalist was San Francisco Bay Area based, so that meant he was using a mac, an iphone, and his office was using google apps and likely 2 factor authentication for everything. No windows, no powershell, no ms08_067, no netbios, no backdoored ms office documents - how was I supposed to get in? Well, I did get in, but then I was faced with another problem - metasploit doesn,t work so well when attacking osx. And outside of that, there really aren,t ANY tools (at least public ones) that are built for attacking osx. I had to build a toolkit for myself ON THE VICTIMS MACHINE, LIVE during the engagement. And I,m going to tell you all how I did that, what I did, what worked and what didn,t work. The one thing I can say is now I understand why the NSA does surveillance the way they do. You learn 10x more from watching someone via screenshots than you will from any shell, hands down, every time.

Back to Circle City Con 2016 Videos list

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast