Play all

Intro

whoami

agenda

POSIX model - scenarios

flag modifiers

sticky bit

Access Control Lists

sandbox example (mds)

static method

dynamic method

general idea

problems

controlling content

Install History.plist file - Arbitrary file overwrite vulnerability (CVE-2020-3830)

Adobe Reader macOS installer - arbitrary file overwrite vulnerability (CVE-2020-3763)

Grant group write access to plist files via Diagnostic Messages History.plist (CVE-2020-3835)

macOS fontmover - file disclosure vulnerability (CVE-2019-8837)

exploitation

fix

macOS Diagnostic Messages arbitrary file overwrite vulnerability (CVE-2020-3855)

Adobe Reader macOS installer - LPE (CVE-2020-3762)

macOS periodic scripts - 320.whatis script LPE (CVE-2019-8802)

makewhatis

whatis database

OverSight

Installers

move operation

Objective-C

Description:

Explore the intricacies of exploiting directory permissions on macOS in this 56-minute Hack In The Box Security Conference talk. Delve into the non-intuitive nature of macOS directory and file permissions, uncovering vulnerabilities ranging from arbitrary overwrites to file disclosures and privilege escalation. Learn techniques for controlling file contents without direct write access, applicable to Unix-based systems but focusing on macOS-specific bugs. Examine real-world examples, including CVE-2020-3830, CVE-2020-3763, and CVE-2019-8802, while gaining insights into POSIX models, Access Control Lists, and sandbox environments. Presented by Csaba Fitzl, an experienced computer engineer and red team professional, this talk offers valuable knowledge for both blue and red team security practitioners.

Exploiting Directory Permissions on macOS

Hack In The Box Security Conference

Add to list

#Conference Talks #Hack In The Box Security Conference #Information Security (InfoSec) #Cybersecurity #Ethical Hacking #Privilege Escalation #Personal Development #Self Improvement #Digital Skills #macOS #macOS Security #Vulnerability Analysis

0:00 / 0:00