The Mac Hacker's Handbook

Book Description

As more and more vulnerabilities are found in the Mac OS X (Leopard) operating system, security researchers are realizing the importance of developing proof-of-concept exploits for those vulnerabilities. This unique tome is the first book to uncover the flaws in the Mac OS X operating system and how to deal with them. Written by two white hat hackers, this book aims to make vital information known so that you can find ways to secure your Mac OS X systems. It examines the sorts of attacks that Leopard's security defenses prevent, the attacks they do not, and how best to handle those weaknesses.

Table of Contents

  1. Cover
  2. Title Page
  3. Copyright
  4. Dedication
  5. About the Authors
  6. Credits
  7. Acknowledgments
  8. Foreword
  9. Introduction
    1. Overview of the Book and Technology
    2. How This Book Is Organized
    3. Who Should Read This Book
    4. Tools You Will Need
    5. What’s on the Website
    6. Final Note
  10. Part I: Mac OS X Basics
    1. Chapter 1: Mac OS X Architecture
      1. Basics
      2. Tools of the Trade
      3. Ktrace/DTrace
      4. Objective-C
      5. Universal Binaries and the Mach-O File Format
      6. Bundles
      7. launchd
      8. Leopard Security
      9. References
    2. Chapter 2: Mac OS X Parlance
      1. Bonjour!
      2. QuickTime
      3. Conclusion
      4. References
    3. Chapter 3: Attack Surface
      1. Searching the Server Side
      2. Cutting into the Client Side
      3. Conclusion
      4. References
  11. Part II: Discovering Vulnerabilities
    1. Chapter 4: Tracing and Debugging
      1. Pathetic ptrace
      2. Good Ol’ GDB
      3. DTrace
      4. PyDbg
      5. iTunes Hates You
      6. Conclusion
      7. References
    2. Chapter 5: Finding Bugs
      1. Bug-Hunting Strategies
      2. Old-School Source-Code Analysis
      3. vi + Changelog = Leopard 0-day
      4. Apple’s Prerelease-Vulnerability Collection
      5. Fuzz Fun
      6. Conclusion
      7. References
    3. Chapter 6: Reverse Engineering
      1. Disassembly Oddities
      2. Reversing Obj-C
      3. Case Study
      4. Conclusion
      5. References
  12. Part III: Exploitation
    1. Chapter 7: Exploiting Stack Overflows
      1. Stack Basics
      2. Smashing the Stack on PowerPC
      3. Smashing the Stack on x86
      4. Exploiting the x86 Non-executable Stack
      5. Finding Useful Instruction Sequences
      6. Conclusion
      7. References
    2. Chapter 8: Exploiting Heap Overflows
      1. The Heap
      2. The Scalable Zone Allocator
      3. Overwriting Heap Metadata
      4. Taming the Heap with Feng Shui
      5. Case Study
      6. References
    3. Chapter 9: Exploit Payloads
      1. Mac OS X Exploit Payload Development
      2. PowerPC Exploit Payloads
      3. Intel x86 Exploit Payloads
      4. Conclusion
      5. References
    4. Chapter 10: Real-World Exploits
      1. QuickTime RTSP Content-Type Header Overflow
      2. mDNSResponder UPnP Location Header Overflow
      3. QuickTime QTJava toQTPointer() Memory Access
      4. Conclusion
      5. References
  13. Part IV: Post-Exploitation
    1. Chapter 11: Injecting, Hooking, and Swizzling
      1. Introduction to Mach
      2. Mach Injection
      3. Function Hooking
      4. Objective-C Method Swizzling
      5. Conclusion
      6. References
    2. Chapter 12: Rootkits
      1. Kernel Extensions
      2. System Calls
      3. Hiding Files
      4. Hiding the Rootkit
      5. Maintaining Access across Reboots
      6. Controlling the Rootkit
      7. Remote Access
      8. Hardware-Virtualization Rootkits
      9. Conclusion
      10. References
  14. Index