Exploiting Zoom on MacOS
Offered By: Hack In The Box Security Conference via YouTube
Course Description
Overview
Explore the process of reverse engineering and exploiting the macOS Zoom client in this HITB Security Conference talk. Delve into the journey of discovering a critical zero-interaction remote code execution vulnerability during a bug bounty event. Learn about the techniques and tools used for reverse engineering Objective-C apps, and gain insights into common exploitation methods applicable to various macOS applications. Understand the potential large-scale remote exploitation via the web and the implications for security. Discover the presenters' approach to the bounty, their logic in uncovering the flaw, and the steps taken to set up a download server and manipulate packages. Gain valuable knowledge on key takeaways, bug fixes, and the importance of collaboration in security research. Acquire practical skills in reverse engineering and exploiting macOS applications that can be applied beyond Zoom.
Syllabus
Introduction
Overview
Background
Bounty Approach
Logic
Setting up our own download server
Cutting off the malicious package
Freedom Freedom
Putting It All Together
Key Takeaways
Bug Fixes
Collaboration is Key
Tools
Questions
Why Zoom is not present in Windows
What if we download Zoom
Prerequisites
Backdoor Zoom
QA
Taught by
Hack In The Box Security Conference
Related Courses
Computer Security - Stanford University via Coursera
Cryptography II - Stanford University via Coursera
Malicious Software and its Underground Economy: Two Sides to Every Story - University of London International Programmes via Coursera
Building an Information Risk Management Toolkit - University of Washington via Coursera
Introduction to Cybersecurity - National Cybersecurity Institute at Excelsior College via Canvas Network