Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Exploiting Zoom on MacOS

Hack In The Box Security Conference via YouTube

Overview

Explore the process of reverse engineering and exploiting the macOS Zoom client in this HITB Security Conference talk. Delve into the journey of discovering a critical zero-interaction remote code execution vulnerability during a bug bounty event. Learn about the techniques and tools used for reverse engineering Objective-C apps, and gain insights into common exploitation methods applicable to various macOS applications. Understand the potential large-scale remote exploitation via the web and the implications for security. Discover the presenters' approach to the bounty, their logic in uncovering the flaw, and the steps taken to set up a download server and manipulate packages. Gain valuable knowledge on key takeaways, bug fixes, and the importance of collaboration in security research. Acquire practical skills in reverse engineering and exploiting macOS applications that can be applied beyond Zoom.

Syllabus

Introduction
Overview
Background
Bounty Approach
Logic
Setting up our own download server
Cutting off the malicious package
Freedom Freedom
Putting It All Together
Key Takeaways
Bug Fixes
Collaboration is Key
Tools
Questions
Why Zoom is not present in Windows
What if we download Zoom
Prerequisites
Backdoor Zoom
QA

Taught by

Hack In The Box Security Conference

Reviews

Start your review of Exploiting Zoom on MacOS

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.