OS X Exploits and Defense

Author: Chris Hurley

Publisher: Elsevier

Published: 2011-04-18

Total Pages: 348

ISBN-13: 0080558763

Contrary to popular belief, there has never been any shortage of Macintosh-related security issues. OS9 had issues that warranted attention. However, due to both ignorance and a lack of research, many of these issues never saw the light of day. No solid techniques were published for executing arbitrary code on OS9, and there are no notable legacy Macintosh exploits. Due to the combined lack of obvious vulnerabilities and accompanying exploits, Macintosh appeared to be a solid platform. Threats to Macintosh's OS X operating system are increasing in sophistication and number. Whether it is the exploitation of an increasing number of holes, use of rootkits for post-compromise concealment or distributed denial of service, knowing why the system is vulnerable and understanding how to defend it is critical to computer security.

- Macintosh OS X Boot Process and Forensic Software: All the power, all the tools, and all the geekery of Linux is present in Mac OS X. Shell scripts, X11 apps, processes, kernel extensions... it's a UNIX platform. Now you can master the boot process and Macintosh forensic software.
- Look Back Before the Flood and Forward Through the 21st Century Threatscape: Back in the day, a misunderstanding of Macintosh security was more or less industry-wide. Neither the administrators nor the attackers knew much about the platform. Learn from Kevin Finisterre how and why that has all changed!
- Malicious Macs: Malware and the Mac: As OS X moves further from desktops, laptops, and servers into the world of consumer technology (iPhones, iPods, and so on), what are the implications for the further spread of malware and other security breaches? Find out from David Harley.
- Malware Detection and the Mac: Understand why the continuing insistence of vociferous Mac zealots that it "can't happen here" is likely to aid OS X exploitation.
- Mac OS X for Pen Testers: With its BSD roots, super-slick graphical interface, and near-bulletproof reliability, Apple's Mac OS X provides a great platform for pen testing.
- WarDriving and Wireless Penetration Testing with OS X: Configure and utilize the KisMAC WLAN discovery tool to WarDrive. Next, use the information obtained during a WarDrive to successfully penetrate a customer's wireless network.
- Leopard and Tiger Evasion: Follow Larry Hernandez through exploitation techniques, tricks, and features of both OS X Tiger and Leopard, using real-world scenarios for explaining and demonstrating the concepts behind them.
- Encryption Technologies and OS X: Apple has come a long way from the bleak days of OS9. There is now a wide array of encryption choices within Mac OS X. Let Gareth Poreus show you what they are.
- Cuts through the hype with a serious discussion of the security vulnerabilities of the Mac OS X operating system
- Reveals techniques by which OS X can be "owned"
- Details procedures to defeat these techniques
- Offers a sober look at emerging threats and trends


Mac OS X, iPod, and iPhone Forensic Analysis DVD Toolkit

Author: Jesse Varsalone

Publisher: Syngress

Published: 2008-12-16

Total Pages: 572

ISBN-13: 0080949185

This book provides digital forensic investigators, security professionals, and law enforcement with all of the information, tools, and utilities required to conduct forensic investigations of computers running any variant of the Macintosh OS X operating system, as well as the almost ubiquitous iPod and iPhone. Digital forensic investigators and security professionals subsequently can use data gathered from these devices to aid in the prosecution of criminal cases, litigate civil cases, audit adherence to federal regulatory compliance issues, and identify breach of corporate and government usage policies on networks.

- MAC Disks, Partitioning, and HFS+ File System: Manage multiple partitions on a disk, and understand how the operating system stores data.
- FileVault and Time Machine: Decrypt locked FileVault files and restore files backed up with Leopard's Time Machine.
- Recovering Browser History: Uncover traces of Web-surfing activity in Safari with Web cache and .plist files.
- Recovering Email Artifacts, iChat, and Other Chat Logs: Expose communications data in iChat, Address Book, Apple's Mail, MobileMe, and Web-based email.
- Locating and Recovering Photos: Use iPhoto, Spotlight, and shadow files to find artifacts of photos (e.g., thumbnails) when the originals no longer exist.
- Finding and Recovering QuickTime Movies and Other Video: Understand video file formats (created with iSight, iMovie, or another application) and how to find them.
- PDF, Word, and Other Document Recovery: Recover text documents and metadata with Microsoft Office, OpenOffice, Entourage, Adobe PDF, or other formats.
- Forensic Acquisition and Analysis of an iPod: Document seizure of an iPod model and analyze the iPod image file and artifacts on a Mac.
- Forensic Acquisition and Analysis of an iPhone: Acquire a physical image of an iPhone or iPod Touch and safely analyze without jailbreaking.
- Includes Unique Information about Mac OS X, iPod, iMac, and iPhone Forensic Analysis Unavailable Anywhere Else
- Authors Are Pioneering Researchers in the Field of Macintosh Forensics, with Combined Experience in Law Enforcement, Military, and Corporate Forensics


Moving Target Defense II

Author: Sushil Jajodia

Publisher: Springer Science & Business Media

Published: 2012-09-18

Total Pages: 210

ISBN-13: 1461454158

Our cyber defenses are static and are governed by lengthy processes, e.g., for testing and security patch deployment. Adversaries could plan their attacks carefully over time and launch attacks at cyber speeds at any given moment. We need a new class of defensive strategies that would force adversaries to continually engage in reconnaissance and re-planning of their cyber operations. One such strategy is to present adversaries with a moving target where the attack surface of a system keeps changing. Moving Target Defense II: Application of Game Theory and Adversarial Modeling includes contributions from world experts in the cyber security field. In the first volume of MTD, we presented MTD approaches based on software transformations, and MTD approaches based on network and software stack configurations. In this second volume of MTD, a group of leading researchers describe game theoretic, cyber maneuver, and software transformation approaches for constructing and analyzing MTD systems. Designed as a professional book for practitioners and researchers working in the cyber security field, advanced-level students and researchers focused on computer science will also find this book valuable as a secondary textbook or reference.


Aggressive Network Self-Defense

Author: Neil R. Wyler

Publisher: Elsevier

Published: 2005-04-12

Total Pages: 417

ISBN-13: 0080488293

Over the past year there has been a shift within the computer security world away from passive, reactive defense towards more aggressive, proactive countermeasures. Although such tactics are extremely controversial, many security professionals are reaching into the dark side of their tool box to identify, target, and suppress their adversaries. This book will provide a detailed analysis of the most timely and dangerous attack vectors targeted at operating systems, applications, and critical infrastructure and the cutting-edge counter-measures used to nullify the actions of an attacking, criminal hacker.

- First book to demonstrate and explore controversial network strike back and countermeasure techniques.
- Provides tightly guarded secrets to find out WHO is really attacking you over the internet.
- Provides security professionals and forensic specialists with invaluable information for finding and prosecuting criminal hackers.


Defense against the Black Arts

Author: Jesse Varsalone

Publisher: CRC Press

Published: 2011-09-07

Total Pages: 414

ISBN-13: 1466509201

Exposing hacker methodology with concrete examples, this volume shows readers how to outwit computer predators. With screenshots and step by step instructions, the book discusses how to get into a Windows operating system without a username or password and how to hide an IP address to avoid detection. It explains how to find virtually anything on the Internet and explores techniques that hackers can use to exploit physical access, network access, and wireless vectors. The book profiles a variety of attack tools and examines how Facebook and other sites can be used to conduct social networking attacks.


Mac OS X Maximum Security

Author: John Ray

Publisher: Sams Publishing

Published: 2003

Total Pages: 770

ISBN-13: 9780672323812

While Mac OS X is becoming more and more stable with each release, its UNIX/BSD underpinnings have security implications that ordinary Mac users have never before been faced with. Mac OS X can be used either as a powerful Internet server or, in the wrong hands, as a very powerful attack launch point. Yet most Mac OS X books are generally quite simplistic, with the exception of the author's "Mac OS X Unleashed," the first book to address OS X's underlying BSD subsystem. "Maximum Mac OS X Security" takes a similar UNIX-oriented approach, going into significantly greater depth on OS X security topics: Setup basics, including Airport and network topology security. User administration and resource management with NetInfo. Types of attacks, how attacks work, and how to stop them. Network service security, such as e-mail, Web, and file sharing. Intrusion prevention and detection, and hands-on detection tools.


The Shellcoder's Handbook

Author: Chris Anley

Publisher: John Wiley & Sons

Published: 2011-02-16

Total Pages: 758

ISBN-13: 1118079124

This much-anticipated revision, written by the ultimate group of top security experts in the world, features 40 percent new content on how to find security holes in any operating system or application. New material addresses the many new exploitation techniques that have been discovered since the first edition, including attacking "unbreakable" software packages such as McAfee's Entercept, Mac OS X, XP, Office 2003, and Vista. Also features the first-ever published information on exploiting Cisco's IOS, with content that has never before been explored. The companion Web site features downloadable code files.


The Hacker's Guide to OS X

Author: Alijohn Ghassemlouei

Publisher: Newnes

Published: 2012-12-31

Total Pages: 249

ISBN-13: 1597499544

Written by two experienced penetration testers, the material presented discusses the basics of the OS X environment and its vulnerabilities, including but not limited to application porting, virtualization utilization, and offensive tactics at the kernel, OS, and wireless level. This book provides a comprehensive in-depth guide to exploiting and compromising the OS X platform while offering the necessary defense and countermeasure techniques that can be used to stop hackers. As a resource to the reader, the companion website will provide links from the authors, commentary, and updates.

- Provides relevant information including some of the latest OS X threats
- Easily accessible to those without any prior OS X experience
- Useful tips and strategies for exploiting and compromising OS X systems
- Includes discussion of defensive and countermeasure applications and how to use them
- Covers mobile IOS vulnerabilities


Client-Side Attacks and Defense

Author: Sean-Philip Oriyano

Publisher: Newnes

Published: 2012-09-28

Total Pages: 293

ISBN-13: 1597495913

Client-Side Attacks and Defense offers background networks against its attackers. The book examines the forms of client-side attacks and discusses different kinds of attacks along with delivery methods including, but not limited to, browser exploitation, use of rich internet applications, and file format vulnerabilities. It also covers defenses, such as antivirus and anti-spyware, intrusion detection systems, and end-user education. The book explains how to secure Web browsers, such as Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Apple Safari, and Opera. It discusses advanced Web attacks and advanced defenses against them. Moreover, it explores attacks on messaging, Web applications, and mobiles. The book concludes with a discussion on security measures against client-side attacks, starting from the planning of security. This book will be of great value to penetration testers, security consultants, system and network administrators, and IT auditors.

- Design and implement your own attack, and test methodologies derived from the approach and framework presented by the authors
- Learn how to strengthen your network's host- and network-based defense against attackers' number one remote exploit—the client-side attack
- Defend your network against attacks that target your company's most vulnerable asset—the end user


Professional Cocoa Application Security

Author: Graham J. Lee

Publisher: John Wiley & Sons

Published: 2010-05-13

Total Pages: 338

ISBN-13: 0470887044

The first comprehensive security resource for Mac and iPhone developers. The Mac platform is legendary for security, but consequently, Apple developers have little appropriate security information available to help them assure that their applications are equally secure. This Wrox guide provides the first comprehensive go-to resource for Apple developers on the available frameworks and features that support secure application development.

- While Macs are noted for security, developers still need to design applications for the Mac and the iPhone with security in mind; this guide offers the first comprehensive reference to Apple's application security frameworks and features
- Shows developers how to consider security throughout the lifecycle of a Cocoa application, including how Mac and iPhone security features work and how to leverage them
- Describes how to design, implement, and deploy secure Mac and iPhone software, covering how user configurations affect application security, the keychain feature, how to maximize filesystem security, how to write secure code, and much more

Professional Cocoa Application Security arms Apple developers with essential information to help them create Mac and iPhone applications as secure as the operating system they run on.