Macs in the Age of the APT

Black Hat USA 2011

Presented by: Tom Daniels, Aaron Grattafiori, Alex Stamos
Date: Wednesday August 03, 2011
Time: 10:00 - 11:00
Location: Augustus III + IV
Track: Threat Intel

The term "Advanced Persistent Threat" has been wildly overused, often by intrusion victims attempting to make excuses for their poor security preparedness. This labeling abuse should not distract from the fact that many Western businesses are facing industrial espionage on a wide scale. These attacks utilize a very effective combination of social engineering, custom malware development and a good understanding of the weaknesses commonly found in corporate Windows networks.

The increasing market share of Macs in large and small businesses throws a wrench into the plans of attackers and defenders alike. Does the Cocoa API provide equivalent opportunities for malicious software as Win32? Should corporate IT departments utilize OpenDirectory and other Apple management technologies to take control of their Macs? Can OS X Server stand up to escalation attacks better than the oft-updated Active Directory?

This talk will attempt to answer these questions by examining how Macs compare to Windows during every step of the APT attack chain. The speakers will use their experience responding to these attacks to measure OS X against the resiliency of Windows 7 and 2008R2, and will game out how attackers can carry out each step, from initial exploitation to exfiltration, using only issues in Apple technologies. We will complete the talk with recommendations on how to handle Macs in your corporate network, and will demonstrate steps to harden OS X Servers and detect infiltration early in its lifecycle.

Alex Stamos

Alex Stamos is a co-founder and CTO of iSEC Partners Inc., a strategic digital security organization and part of the NCC Group. Alex is an experienced security engineer specializing in solving difficult problems in application security and is a leading researcher in the field of cloud and mobile security. He has been a featured speaker at top industry conferences such as Black Hat, FS-ISAC, the CIP Congress, Infraguard, Web 2.0 Expo, CanSecWest, DefCon, SyScan, Microsoft BlueHat, Amazon ZonCon and OWASP App Sec. He holds a BSEE from the University of California, Berkeley.

Aaron Grattafiori

Aaron Grattafiori is a Security Consultant with iSEC Partners. With over 7 years of security experience, he utilizes a wide array of skills and a history of independent research to discover vulnerabilities. Prior to working at iSEC Partners, Aaron was a Security Consultant at Security Innovation as well as a Linux Systems Administrator for a statewide ISP. During this time Aaron independently discovered and privately reported major vulnerabilities in widely deployed software and wireless systems. Aaron will be discussing major design flaws in Apple's Enterprise Server Security at SOURCE:Seattle. Aaron's areas of interest include vulnerability research and analysis, exploit development, intelligent fuzzing systems, and reverse engineering.

Tom Daniels

Tom Daniels is a security researcher/consultant at iSEC Partners, an information security firm specializing in application, network, and mobile security. At iSEC, Tom specializes in web application, mobile application, and network security. Tom's areas of interest and current research include anything Mac OS X, reverse engineering, lock picking and exploit development. On the other coast Tom was an Information Systems Auditor at PricewaterhouseCoopers in New York City. Tom received a BS in Computer Science with a minor in Japanese from Georgetown University in 2008.
