首页
社区
课程
招聘
[转帖]Sniffing Authentication References on macOS
发表于: 2020-3-20 09:57 4558

[转帖]Sniffing Authentication References on macOS

2020-3-20 09:57
4558

Original link: https://objective-see.com/blog/blog_0x55.html

Background

At DefCon 25, I presented a talk titled: “Death By 1000 Installers":

 

https://youtu.be/mBwXkqJ4Z6c

 

In this talk, I highlighted flaws in a myriad of (3rd-party) installers …flaws that allowed local attackers to escalate their privileges to root.

 

The general finding(s) of my research was that installers (that run with elevated privileges) often invoke insecure APIs or perform insecure actions:

 

img

 


[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课

收藏
免费 0
支持
分享
最新回复 (0)
游客
登录 | 注册 方可回帖
返回
//