Black Hat to offer Mac OS X hacking classes

Summary:As it did last year, the annual Black Hat security conference in Las Vegas will feature a full class on hacking Mac OS X, Mach and Objective-C apps and tools, as well as native Cocoa applications.

As it did last year, the annual Black Hat security conference in Las Vegas will feature a full class on hacking Mac OS X, Mach and Objective-C apps and tools, as well as native Cocoa applications.

The two-day Macsploitation training class will be taught by Italian student and security consultant Vincenzo Iozzo  and professional security analyst Dino Dai Zovi, the author of The Mac Hacker's Handbook.

The second day of the course covers exploitation of security vulnerabilities, covering debugging, exploitation vectors, and payloads. Students will use gdb, IDA Pro, and BinNavi to dynamically examine rich applications and debug exploitation of stack and heap memory corruption vulnerabilities. After students have learned hands-on how to exploit these vulnerabilities, the course will cover OS X payloads and payload techniques. The exploitation labs will be complementary so that students develop their own payloads for their exploit of a vulnerability in a demonstration web browser plugin.

Nice. No, I kid! These guys are helping to keep the Mac safe (we all hope and pray). And the cost isn't cheap, preregistration is $2,000.

Besides bringing a Mac to the conference, attendees will need Vmware Fusion (or equivalent) loaded with a copy of Windows XP loaded, a copy of the IDA Pro disassembler, and Apple's Xcode tools package (it's an additional install on every Mac). The instructors also suggest a copy of zynamics' BinNavi reverse engineering tool with GdbAgent, but that isn't mandatory.

The community can look forward to more Mac security watchers.

At the same time, the state of Mac security continues to much better than that of Windows. It's something that most switchers to the Mac remark upon.

The last update of Mac OS X Snow Leopard (v10.6.6) in January had only one security fix, a vulnerability with Software Update. On the other hand, Microsoft's February Patch Tuesday fixed some 22 vulnerabilities and Microsoft expects to release 3 security bulletins in March to cover 4 serious holes in its OSes.

Topics: Security, Apple, Hardware, Operating Systems, Software

About

David Morgenstern has covered the Mac market and other technology segments for 20 years. In the recent past, he founded Ziff-Davis' Storage Supersite, served as news editor for Ziff Davis Internet and held several executive editorial positions at eWEEK. In the 1990s, David was editor of Ziff Davis' award-winning MacWEEK news publication a... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.