Wojciech Reguła

Designation:

Principal Security Consultant, SecuRing

Talk Title:

0-Day Up Your Sleeve - Attacking macOS Environments

Abstract:

Do you have Macs in your company's infrastructure? Nowadays, I bet that in most cases the answer would be YES. Macs stopped being computers only used in startups. We can observe them even in huge legacy environments in banks and other corporations. The problem is that they are usually not symmetrically secured, compared to the rest of Windows stations. Macs are not immune, they can be insecurely configured and now...even Apple admits that malware is present on Macs.

In this presentation I will:

• Introduce you to macOS security mechanisms
• Perform step-by-step macOS infection based on my 0-day (live demo)
• Show you post-exploitation techniques
• Attack installed apps and collect data from them
• Give recommendations on how to harden your Mac and macOS infrastructure

Bio:

Wojciech is a Principal Security Consultant working at SecuRing. He specializes in application security on Apple devices. He created the iOS Security Suite - an open-source anti-tampering framework. Bugcrowd MVP, found vulnerabilities in Apple, Facebook, Malwarebytes, Slack, Atlassian, and others. In his free time, he runs an infosec blog - https://wojciechregula.blog. He shared research on among others Black Hat (Las Vegas, USA), NULLCON (Goa, India), Objective by the Sea (Hawaii, USA), AppSec Global (Tel Aviv, Israel), AppSec EU (London, United Kingdom), CONFidence (Cracow, Poland), BSides (Warsaw, Poland).

Want to connect with Wojciech Reguła?