OS X Exploits and Defense

Paul Baccas, Kevin Finisterre, Larry H., David Harley, Gary Porteus, Chris Hurley, Johnny Long

買這商品的人也買了...

商品描述

Contrary to popular belief, there has never been any shortage of Macintosh-related security issues. OS9 had issues that warranted attention. However, due to both ignorance and a lack of research, many of these issues never saw the light of day. No solid techniques were published for executing arbitrary code on OS9, and there are no notable legacy Macintosh exploits. Due to the combined lack of obvious vulnerabilities and accompanying exploits, Macintosh appeared to be a solid platform. Threats to Macintosh's OS X operating system are increasing in sophistication and number. Whether it is the exploitation of an increasing number of holes, use of rootkits for post-compromise concealment or disturbed denial of service, knowing why the system is vulnerable and understanding how to defend it is critical to computer security.

* Macintosh OS X Boot Process and Forensic Software All the power, all the tools, and all the geekery of Linux is present in Mac OS X. Shell scripts, X11 apps, processes, kernel extensions...it's a UNIX platform....Now, you can master the boot process, and Macintosh forensic software.

* Look Back Before the Flood and Forward Through the 21st Century Threatscape Back in the day, a misunderstanding of Macintosh security was more or less industry-wide. Neither the administrators nor the attackers knew much about the platform. Learn from Kevin Finisterre how and why that has all changed!

* Malicious Macs: Malware and the Mac As OS X moves further from desktops, laptops, and servers into the world of consumer technology (iPhones, iPods, and so on), what are the implications for the further spread of malware and other security breaches? Find out from David Harley.

* Malware Detection and the Mac Understand why the continuing insistence of vociferous Mac zealots that it "can't happen here" is likely to aid OS X exploitationg

* Mac OS X for Pen Testers With its BSD roots, super-slick graphical interface, and near-bulletproof reliability, Apple's Mac OS X provides a great platform for pen testing.

* WarDriving and Wireless Penetration Testing with OS X Configure and utilize the KisMAC WLAN discovery tool to WarDrive. Next, use the information obtained during a WarDrive, to successfully penetrate a customer's wireless network.

* Leopard and Tiger Evasion Follow Larry Hernandez through exploitation techniques, tricks, and features of both OS X Tiger and Leopard, using real-world scenarios for explaining and demonstrating the concepts behind them.

* Encryption Technologies and OS X Apple has come a long way from the bleak days of OS9. THere is now a wide array of encryption choices within Mac OS X. Let Gareth Poreus show you what they are.

* Cuts through the hype with a serious discussion of the security
vulnerabilities of the Mac OS X operating system
* Reveals techniques by which OS X can be "owned"
* Details procedures to defeat these techniques
* Offers a sober look at emerging threats and trends

商品描述(中文翻譯)

與普遍觀念相反,Macintosh相關的安全問題從未短缺。OS9存在需要關注的問題。然而,由於無知和缺乏研究,許多這些問題從未見天日。在OS9上沒有發表過執行任意代碼的可靠技術,也沒有值得注意的舊版Macintosh的漏洞利用。由於明顯漏洞和相應的利用的缺乏,Macintosh看起來是一個堅固的平台。對Macintosh的OS X操作系統的威脅在數量和複雜性上不斷增加。了解系統的脆弱性並理解如何保護它對於計算機安全至關重要。

* Macintosh OS X開機過程和法醫軟件:Mac OS X具有Linux的所有功能、工具和技術。Shell腳本、X11應用程序、進程、內核擴展...它是一個UNIX平台...現在,您可以掌握開機過程和Macintosh法醫軟件。

* 在洪水之前回顧和通過21世紀的威脅風景:在過去,對Macintosh安全的誤解幾乎是整個行業的共識。無論是管理員還是攻擊者,對這個平台都知之甚少。從Kevin Finisterre那裡了解這一切如何發生和為什麼發生了變化!

* 惡意的Mac:惡意軟件和Mac:隨著OS X越來越遠離桌面、筆記本電腦和服務器,進入消費技術(iPhone、iPod等),這對於惡意軟件和其他安全漏洞的進一步傳播有什麼影響?從David Harley那裡找到答案。

* 惡意軟件檢測和Mac:了解為什麼Mac的狂熱支持者堅稱“這裡不可能發生”可能有助於OS X的利用。

* Mac OS X用於測試人員:憑藉其BSD根源、超級流暢的圖形界面和幾乎無懈可擊的可靠性,蘋果的Mac OS X為測試人員提供了一個很好的平台。

* 使用OS X進行WarDriving和無線滲透測試:配置並使用KisMAC WLAN發現工具進行WarDrive。然後,使用在WarDrive期間獲得的信息成功滲透客戶的無線網絡。

* 豹和虎的逃避:跟隨Larry Hernandez通過實際情境解釋和演示OS X Tiger和Leopard的利用技術、技巧和功能。

* 加密技術和OS X:蘋果已經從OS9的黑暗時代走了很長的路。現在,在Mac OS X中有各種各樣的加密選擇。讓Gareth Poreus向您展示它們。

* 以嚴肅的討論方式剖析Mac OS X操作系統的安全漏洞。

* 揭示OS X被攻擊的技術。

* 詳細介紹擊敗這些技術的程序。

* 提供對新興威脅和趨勢的冷靜觀察。