3. Me??
an Engineer by heart, a Researcher by night
common human with extra ordinary stuff in my
head
easy go, easy left
4. cat /etc/person
handle orign : Reza Jalalddin Al-haroh
nick : ask google, or stay away from me
follow me at twitter.com/rezajalal
bin/bash3.2# locate reza
5. Why Mac OS X?
64 bit native operating system
quick primer in unix / BSD
the multi-user nature of unix system
the unix file system and associated permission
model
the way unix provide network service
lets you have your cake and eat it too
6. how to install unix tools apple didn’t
include with OS X?
macports > www.macports.org
homebrew > mxcl.github.com/homebrew/
requirement : Xcode with X11
7. mac for scanning network
whois
robtex.com
nmap -A -T 5 -v -sV xxx.xxx.xxx.xxx
9. high risk social engineering
in action
intruders : mac os x 10.7.1
target : windows 7 SP 1 32 bit
exploit :
signet applet social engineering code exec
Microsoft windows UAC protection bypass
17. MAC OS X lion in the wild
founder patrick dunstan > http://
www.defenceindepth.net
september 2011
Lion provides non root-user the ability to still
view password hash data by extracting from
directory service
encrypt by OS X LION hashes (SHA512 + 4
bytes salt)
18. MAC OS X lion in the wild
directory service command line utility
dscl localhost -read /Search/Users/c0r3
dsAttrTypeNative:ShadowHashData:
hard to bruteforce or decrypt
dscl localhost -passwd /Search/Users/c0r3