This is the talk I gave at Black Hat Europe 2009 together with Charlie Miller (0xCharlie).
Abstract:
Mac OS X continues to spread among users, and with this increased market share comes more scrutiny of the security of the operating system. The topics of vulnerability analysis and exploit techniques have been discussed at length. However, most of these findings stop once a shell has been achieved. This paper introduces advanced payloads which help to avoid detection, avoid forensics, and avoid countermeasures used by the operating system, for both Mac OS X and the iPhone. These payloads include Meterpreter and userland-exec for forensics evasion, and two iPhone payloads which work against factory iPhones despite the device's memory protections and code signing mechanisms.
Slides:
White Paper:
You can also find the video of the presentation here.