0-Day Up Your Sleeve – Attacking macOS Environments

Author: Wojciech Reguła

Do you have Macs in your company’s infrastructure? Nowadays, I bet that in most cases the answer would be YES. Macs stopped being computers only used in startups. We can observe them even in huge legacy environments in banks and other corporations. The problem is that they are usually not symmetrically secured, compared to the rest of Windows stations. Macs are not immune, they can be insecurely configured and now…even Apple admits that malware is present on Macs.

In this presentation I will:

  • Introduce you to macOS security mechanisms
  • Perform step-by-step macOS infection based on my 0-day (live demo)
  • Show you post-exploitation techniques
  • Attack installed apps and collect data from them
  • Give recommendations on how to harden your Mac and macOS infrastructure
Wojciech Reguła
Wojciech Reguła Principal IT Security Consultant
Head of Mobile Security