Automated Dylib Hijacking

DerbyCon 9.0 - Finish Line

Presented by: Jimi Sebree
Date: Friday September 06, 2019
Time: 17:30 - 18:00
Location: Stable Talks

Applications on macOS use a common and flawed method of loading dynamic libraries (dylib), which leaves them vulnerable to a post-exploitation technique known as dylib hijacking. Dylib hijacking is a technique used to exploit this flawed loading method in order to achieve privilege escalation, persistence, or the ability to run arbitrary code. This talk provides an overview of the attack vector and the process involved in exploiting vulnerable applications. Additionally, the process of automating the exploitation of vulnerable applications will be demonstrated and discussed in depth. The tools developed and used for this demonstration will be made publicly available.

Jimi Sebree

Jimi is a Senior member of Tenable's Zero Day Research team. He bounces between research disciplines in an effort to appear knowledgeable about a variety of topics. Occasionally he succeeds in tricking someone into listening to him. When not working, Jimi is an avid rock climber and beer enthusiast.


KhanFu - Mobile schedules for INFOSEC conferences.
Mobile interface | Alternate Formats