2

There are many resources on Linux exploit development, but I cannot find any resources targeting macOS, except for some bad ones on YouTube.

Why are there no write-ups on macOS exploitation techniques, taking into account the Mach-O file format and the BSD-based kernel?

schroeder
  • 123,438
  • 55
  • 284
  • 319
Shuzheng
  • 1,097
  • 4
  • 22
  • 37
  • I think your search terms might be off. When I search for "OSX exploit development" I get full-blown courses covering this topic... – schroeder Mar 15 '19 at 14:57
  • Yes, paid courses. Can you find blogs or equivalent, like it is the case for Windows? – Shuzheng Mar 15 '19 at 15:03
  • I suspect that the organizations who are doing professional OSX exploitation are not publishing their results or techniques. – Mike76 Mar 15 '19 at 15:04

1 Answers1

0

A new exploit for iOS/macOS discussed here — https://blog.zecops.com/vulnerabilities/analysis-and-reproduction-of-cve-2019-7286/

Here also is another older blog on macOS Mach-O targeting — https://www.offensive-security.com/vulndev/evocam-remote-buffer-overflow-on-osx/

atdre
  • 18,885
  • 6
  • 58
  • 107
  • Thank you - still the amount of resources is next to nothing compared to Windows/Linux material. – Shuzheng Mar 17 '19 at 13:00
  • The resources are just in different places, under the auspice of Obj-C/Cocoa development instead of classic pen tester resources. Check out books like The Complete Friday Q&A or the newosxbook.com website and training. – atdre Mar 17 '19 at 16:25
  • ahh, that explains things. If you know other canonical resources, please add them – Shuzheng Mar 17 '19 at 16:32