Summary

Contrary to popular belief, there has never been any shortage of Macintosh-related security issues. OS9 had issues that warranted attention. However, due to both ignorance and a lack of research, many of these issues never saw the light of day. No solid techniques were published for executing arbitrary code on OS9, and there are no notable legacy Macintosh exploits. Due to the combined lack of obvious vulnerabilities nad accompanying exploits, Macintosh appeared to be a solid platform. Threats to Macintosh's OS X operating system are increasing in sophistication and number. Whether it is the exploitation of an increasing number of holes, use of rootkits for post-compromise concealment or disturbed denial of service, knowing why the system is vulnerable and understanding how to defend it is critical to computer security. * Macintosh OS X Boot Process and Forensic Software All the power, all the tools, and all the geekery of Linux is present in Mac OS X. Shell scripts, X11 apps, processes, kernel extensions...it's a UNIX platform....Now, you can master the boot process, and Macintosh forensic software. * Look Back Before the Flood and Forward Through the 21st Century Threatscape Back in the day, a misunderstanding of Macintosh security was more or less industry-wide. Neither the administrators nor the attackers knew much about the platform. Learn from Kevin Finisterre how and why that has all changed! * Malicious Macs: Malware and the Mac As OS X moves further from desktops, laptops, and servers into the world of consumer technology (iPhones, iPods, and so on), what are the implications for the further spread of malware and other security breaches? Find out from David Harley. * Malware Detection and the Mac Understand why the continuing insistence of vociferous Mac zealots that it "can't happen here" is likely to aid OS X exploitationg * Mac OS X for Pen Testers With its BSD roots, super-slick graphical interface, and near-bulletproof reliability, Apple's Mac OS X provides a great platform for pen testing. * WarDriving and Wireless Penetration Testing with OS X Configure and utilize the KisMAC WLAN discovery tool to WarDrive. Next, use the information obtained during a WarDrive, to successfully penetrate a customer's wireless network. * Leopard and Tiger Evasion Follow Larry Hernandez through exploitation techniques, tricks, and features of both OS X Tiger and Leopard, using real-world scenarios for explaining and demonstrating the concepts behind them. * Encryption Technologies and OS X Apple has come a long way from the bleak days of OS9. THere is now a wide array of encryption choices within Mac OS X. Let Gareth Poreus show you what they are. * Cuts through the hype with a serious discussion of the security vulnerabilities of the Mac OS X operating system * Reveals techniques by which OS X can be "owned" * Details procedures to defeat these techniques * Offers a sober look at emerging threats and trends

Macintosh OS X Boot Process and Forensic Software	p. 1
Introduction	p. 2
The Boot Process	p. 3
The Macintosh Boot Process	p. 4
EFI and BIOS: Similar but Different	p. 4
DARWIN	p. 5
The OS X Kernel	p. 5
Macintosh Forensic Software	p. 6
BlackBag Forensic Suite	p. 6
Directory Scan	p. 7
FileSpy	p. 8
HeaderBuilder	p. 9
Other Tools	p. 10
Carbon Copy Cloner	p. 11
MacDrive6/7	p. 13
Summary	p. 16
Past and Current Threats	p. 17
Before the Flood	p. 18
The 21st Century Threatscape	p. 26
Apple Vulnerability/Update Retrospective	p. 27
Exploit Development and Research	p. 56
Malicious Macs: Malware and the Mac	p. 69
Introduction	p. 70
Taxonomy of Malware	p. 72
Viruses	p. 72
Worms	p. 73
Trojan Horses	p. 75
Rootkits and Stealthkits	p. 75
Bots and Botnets	p. 77
Memetic Malware	p. 78
Pre-OS X Mac Malware	p. 81
HyperCard Infectors	p. 81
Application and System Viruses	p. 83
Trojans	p. 86
Macro Malware	p. 88
Heterogeneous Malware Transmission	p. 91
Worms: AutoStart and After	p. 92
OS X and Malware	p. 94
Case Study-OSX/DNSChanger	p. 96
Self-launching vs. User-launched	p. 102
What Does That Mean?	p. 103
Media Attitudes	p. 103
Schadenfreude or Armageddon?	p. 105
Is That It Then?	p. 106
The Future	p. 108
Message to the User Community	p. 110
Message to Apple (and Microsoft!)	p. 111
Watch and Learn	p. 112
Summary	p. 113
Solutions Fast Track	p. 115
Frequently Asked Questions	p. 119
Malware Detection and the Mac	p. 121
Introduction	p. 122
Safe Out of the Box?	p. 123
Anti-malware Technology	p. 132
More About EICAR	p. 133
Classic Anti-malware Detection Techniques	p. 136
Signature Scanning	p. 139
Heuristics Revealed	p. 140
Anti-malware Products	p. 142
Anti-malware Before OS X	p. 143
Disinfectant	p. 145
Anti-malware and OS X	p. 147
avast!	p. 147
ClamAV	p. 148
ClamXav	p. 149
Intego VirusBarrier	p. 151
MacScan	p. 152
McAfee Virex/VirusScan for Mac	p. 152
Sophos	p. 154
Symantec	p. 155
Product Testing	p. 157
Summary	p. 159
Solutions Fast Track	p. 159
Frequently Asked Questions	p. 162
Mac OS X for Pen Testers	p. 163
Introduction	p. 164
The OS X Command Shell	p. 166
Compiling and Porting Open Source Software	p. 169
OS X Developer Tools	p. 170
Perl	p. 172
Configuring CPAN	p. 173
Using CPAN's Interactive Mode	p. 175
Using CPAN in Command-line Mode	p. 178
Installing XWindows	p. 178
Compiling Programs on Mac OS X	p. 180
Compiling Versus Porting	p. 180
Installing Ported Software on Mac OS X	p. 181
Why Port: A Source Install Gone Bad!	p. 181
OpenDarwin	p. 183
Fink	p. 187
Installing Binary Packages Using apt-get	p. 188
Installing Source Packages using fink	p. 189
Installing Source or Binary Packages Using Fink Commander	p. 190
Using The "Top 75 Security Tools" List	p. 192
Category: Attack (Network)	p. 193
Category: Attack (Scanner)	p. 194
Category: Attack (Web)	p. 194
Category: Crypto	p. 195
Category: Defense	p. 196
Category: Defense / Forensics	p. 197
Category: Evasion	p. 197
Category: Footprinting	p. 198
Category: Monitor (Sniffing)	p. 199
Category: Multipurpose	p. 201
Category: Password Cracking	p. 201
Category: Password Cracking (Remote)	p. 202
Category: Programming	p. 203
Category: Scanning	p. 203
Installing and Using The "Big" Tools	p. 204
Wireshark	p. 204
Installing Wireshark on MacOS X from Source	p. 204
Installing Wireshark on MacOS X Using DarwinPorts	p. 210
Nessus	p. 211
Summary	p. 215
Solutions Fast Track	p. 215
Links to Sites	p. 216
Frequently Asked Questions	p. 217
WarDriving and Wireless Penetration Testing with OS X	p. 219
Introduction	p. 220
WarDriving with KisMAC	p. 220
Starting KisMAC and Initial Configuration	p. 220
Configuring the KisMAC Preferences	p. 221
Scanning Options	p. 222
Filter Options	p. 223
Sound Preferences	p. 223
Traffic	p. 226
KisMAC Preferences	p. 227
Mapping WarDrives with KisMAC	p. 228
Importing a Map	p. 228
Using a GPS	p. 228
Ready to Import	p. 229
WarDriving with KisMAC	p. 233
Using the KisMAC Interface	p. 233
The KisMAC Window View Buttons	p. 234
Additional View Options with KisMAC	p. 236
Penetration Testing with OS X	p. 238
Attacking WLAN Encryption with KisMAC	p. 238
Attacking WEP with KisMAC	p. 238
Reinjection	p. 240
Attacking WPA with KisMAC	p. 242
Other Attacks	p. 243
Bruteforce Attacks Against 40-bit WEP	p. 243
Wordlist Attacks	p. 243
Other OS X Tools for WarDriving and WLAN Testing	p. 243
Summary	p. 246
Solutions Fast Track	p. 246
Frequently Asked Questions	p. 248
Security and OS X	p. 251
Leopard and Tiger Evasion	p. 252
Application Firewall	p. 252
iSight Voyeurism	p. 253
Reliable Local Stack Buffer Overflow Exploitation	p. 255
dylib (Dynamic Library) Injection and Other Nifty Tricks	p. 261
Return to dyld Stubs and libSystem for Tiger	p. 264
Leopard and Address Space Layout Randomization (ASLR)	p. 269
Month of Apple Bugs	p. 272
Pressure on Vendors and Effects	p. 272
Overview of the Outcome	p. 273
The Beginning: QuickTime RTSP URL Handler Flaw	p. 275
A iPhoto Photocast XML Format String Vulnerability	p. 276
The Exploit of the Apes	p. 277
Apple DMG and Filesystem-related Kernel Vulnerabilities	p. 280
AppleTalk ATPsndrsp() Heap Buffer Overflow Vulnerability	p. 281
A mDNSResponder in Scarlet	p. 282
The First Flaw: 1990 Style Stack Buffer Overflows Rock	p. 284
The Second Flaw: When You Go Beyond the Limits	p. 285
Abusing the mDNSResponder for Remote Root Profit	p. 287
Encryption Technologies and OS X	p. 289
Introduction: OS9 TO OS X	p. 290
OS X Security and Encryption: Encryption Within OS X	p. 291
The System Keychain	p. 291
Better Keychain Security	p. 292
OS X Security and Encryption: OS X Password Encryption	p. 293
Symmetric Ciphers	p. 293
Asymmetric Ciphers	p. 293
Hashes	p. 294
Password Cracking	p. 295
Shadows and DES	p. 295
SHA-1	p. 296
Windows LAN Manager	p. 296
Salt and Rainbow Tables	p. 297
Disk Images and Secure Virtual Disks	p. 297
FileVault and Encrypted DMG Files	p. 297
AES	p. 298
FileVault	p. 299
Plaintext Memory	p. 300
Insecure Hardware	p. 301
Firewire DMA	p. 301
Patching DMA	p. 302
Alternative RAM Attacks	p. 303
Alternative Encryption Systems	p. 303
Wireless Encryption	p. 304
WEP	p. 305
Initialization Vectors	p. 305
WEP Threats	p. 306
Wi-Fi Protected Access (WPA)	p. 307
WPA Threats	p. 308
Entropy, Passwords, and WPA	p. 308
Secure Communication	p. 309
Secure Socket Layer	p. 309
Diffie and Hellman, Public Key Exchange	p. 310
Man In the Middle	p. 311
Certificate Authorities	p. 312
Secure Communications: Summary of Suggestions	p. 312
Secure Shell and Tunneling	p. 313
Open Source Efforts	p. 313
SSH	p. 313
SSHD	p. 316
VPN Encryption	p. 317
Vpn	p. 317
PPTP, L2TP, and OPENVPN	p. 317
IPsec	p. 317
IPv6	p. 318
Summary	p. 320
References	p. 320
Index	p. 323
Table of Contents provided by Ingram. All Rights Reserved.

Supplemental Materials

What is included with this book?

The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.

The Used, Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.