Protected: Advanced Penetration Testing Day 8 – LAB TIME
Protected: Advanced Penetration Testing Day 7 – WEBAPP attacks
Protected: Advanced Penetration Testing Day 6 – Wireless Attacks
Protected: Advanced Penetration Testing Day 4 – Intro to Metasploit
Protected: Advanced Penetration Testing Day 3 – Footprint the Services
Protected: Advanced Penetration Testing Day 5 – Wireless Basics
Protected: Advanced Penetration Testing Day 2 – Building the Lab and other Tools
Protected: Advanced Penetration Testing Day 1 – Preparation and tools
Kernel Apple Vulnerability –
I have been away for some time.
In the first day of my return I have found the following vulnerability related with Apple.
It seems nasty… Although it cannot be remotely exploited it might be used in phishing campaigns that might trick the user to execute some software that takes ownership of the computer.
This local privilege escalation flaw resides in IOHIDFamily, an extension of the macOS kernel which has been designed for human interface devices (HID), like a touchscreen or buttons, allowing an attacker to install a root shell or execute arbitrary code on the system.
More info:
Fuck it, dropping a macOS 0day. Happy New Year, everyone. https://t.co/oG2nOlUOjk
— Siguza (@s1guza) December 31, 2017
Exploit / Proof of concept
https://siguza.github.io/IOHIDeous/