Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Penetration Testing on Mac OS X

from [lists73] Network Security [Permanent Link]
Subject: Re: Penetration Testing on Mac OS X
Date: Sat, 28 Jul 2007 16:26:44 +0200 
Hi Michael

Mac OS X has the same vulnerabilities as other operating systems, but
that should not come as a big surprise. Unlike those on Windows,
vulnerabilities on Mac are still not widely exploited and exploit
codes less often published. That might change with time, especially since the
amount of vulnerabilities seems to increase.

Based on own experiences, I would recommend to prepare some simple
demos to demonstrate weaknesses in Mac OS X. For example, the firewall
is not turned on and that can easily be used to install a backdoor,
e.g. a VNC server. Grab a copy of an older version of Mac OS, then
google for some iTunes/QuickTime exploits. The metasploit framework
also contains a few exploits. If they complain about the old version
of the test system, tell them to break into a current version of Win
XP... We published a "Hacking Mac OS X - case study" movie on milw0rm. It
might help you too.

You can also argue with the countermeasures available by comparing
them with Win XP, Vista or Linux. Apple has quite some room for
improvement there.



------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------


[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Cross testing exploit with vulnerability scan results, John M. Martinelli
Next by Date:  Re: Cross testing exploit with vulnerability scan results, Morning Wood
Previous by Thread:  RE: Penetration Testing on Mac OS X, SD List
Next by Thread:  Re: pen testing flash games., Mister Dookie
Indexes:  [Date] [Thread] [Top] [All Lists]