Completed
agenda
Class Central Classrooms beta
YouTube videos curated by Class Central.
Classroom Contents
Exploiting Directory Permissions on macOS
Automatically move to the next video in the Classroom when playback concludes
- 1 Intro
- 2 whoami
- 3 agenda
- 4 POSIX model - scenarios
- 5 flag modifiers
- 6 sticky bit
- 7 Access Control Lists
- 8 sandbox example (mds)
- 9 static method
- 10 dynamic method
- 11 general idea
- 12 problems
- 13 controlling content
- 14 Install History.plist file - Arbitrary file overwrite vulnerability (CVE-2020-3830)
- 15 Adobe Reader macOS installer - arbitrary file overwrite vulnerability (CVE-2020-3763)
- 16 Grant group write access to plist files via Diagnostic Messages History.plist (CVE-2020-3835)
- 17 macOS fontmover - file disclosure vulnerability (CVE-2019-8837)
- 18 exploitation
- 19 fix
- 20 macOS Diagnostic Messages arbitrary file overwrite vulnerability (CVE-2020-3855)
- 21 Adobe Reader macOS installer - LPE (CVE-2020-3762)
- 22 macOS periodic scripts - 320.whatis script LPE (CVE-2019-8802)
- 23 makewhatis
- 24 whatis database
- 25 OverSight
- 26 Installers
- 27 move operation
- 28 Objective-C