Exploiting Zoom on MacOS
Offered By: Hack In The Box Security Conference via YouTube
Course Description
Overview
Explore the process of reverse engineering and exploiting the macOS Zoom client in this HITB Security Conference talk. Delve into the journey of discovering a critical zero-interaction remote code execution vulnerability during a bug bounty event. Learn about the techniques and tools used for reverse engineering Objective-C apps, and gain insights into common exploitation methods applicable to various macOS applications. Understand the potential large-scale remote exploitation via the web and the implications for security. Discover the presenters' approach to the bounty, their logic in uncovering the flaw, and the steps taken to set up a download server and manipulate packages. Gain valuable knowledge on key takeaways, bug fixes, and the importance of collaboration in security research. Acquire practical skills in reverse engineering and exploiting macOS applications that can be applied beyond Zoom.
Syllabus
Introduction
Overview
Background
Bounty Approach
Logic
Setting up our own download server
Cutting off the malicious package
Freedom Freedom
Putting It All Together
Key Takeaways
Bug Fixes
Collaboration is Key
Tools
Questions
Why Zoom is not present in Windows
What if we download Zoom
Prerequisites
Backdoor Zoom
QA
Taught by
Hack In The Box Security Conference
Related Courses
Browser Hacking With ANGLEHack In The Box Security Conference via YouTube Can A Fuzzer Match A Human
Hack In The Box Security Conference via YouTube Biometrics System Hacking in the Age of the Smart Vehicle
Hack In The Box Security Conference via YouTube ICEFALL - Revisiting A Decade Of OT Insecure-By-Design Practices
Hack In The Box Security Conference via YouTube Fuzzing the MCU of Connected Vehicles for Security and Safety
Hack In The Box Security Conference via YouTube