Explore the intricacies of fuzzing applications on macOS in this Hack In The Box Security Conference talk. Delve into overlooked attack surfaces, including file parsers and network services, while learning techniques for fuzzing userland binaries. Discover a new fuzzer that simplifies setup and crash triage when testing Apple core apps and clients. Gain insights into overcoming security protections, finding effective tools, and making macOS fuzzing more accessible. Learn how to approach bug hunting on macOS with increased motivation and better equipment, covering topics such as debugging, SIP, app sandboxing, crash reporting, and targeting specific applications and servers.
Overview
Syllabus
Summer of Fuzz
Agenda
Intro
Debugging
SIP
App Sandbox
Crash Reporting
Sleep
SSH
Enumerating Network Services
Fuzzing
Targeting Applications
Font Book
smbutil
CUPS
Targeting Servers
ARDAgent
screensharingd
ODSAgent
BONUS
Conclusion
Taught by
Hack In The Box Security Conference
