As more and more vulnerabilities are found in the Mac OS X (Leopard) operating system, security researchers are realizing the importance of developing proof-of-concept exploits for those vulnerabilities. This unique tome is the first book to uncover the flaws in the Mac OS X operating system—and how to deal with them. Written by two white hat hackers, this book is aimed at making vital information known so that you can find ways to secure your Mac OS X systems, and examines the sorts of attacks that are prevented by Leopard’s security defenses, what attacks aren’t, and how to best handle those weaknesses.
The Mac Hacker's Handbook
and over one million other books are available for Amazon Kindle.
Learn more
FREE Two-Day Shipping for students on millions of items. Learn more |
| |||||||||||||||
 Sell Back Your Copy for $16.01
Whether you buy it used on Amazon for $16.99 or somewhere else, you can sell it back through our Book Trade-In Program at the current price of $16.01.
Used Price$16.99
Trade-in Price$16.01
Price after
Trade-in$0.98 |
Book Description
Special Offers and Product Promotions
- Buy $50 in qualifying physical textbooks, get $5 in Amazon MP3 Credit. Here's how (restrictions apply)
Frequently Bought Together
Editorial Reviews
From the Back Cover
The honeymoon is over.
Prepare yourself to thwart Mac attacks.
Where security is concerned, Macs have long led a charmed existence. No more. If you manage security for a network that includes OS X machines, this update on the strengths and weaknesses of Mac OS X is required reading.
Beginning with the core differences between Mac OS X and Windows or Linux, this book follows the steps an attacker would take. You will learn the tools needed to find vulnerabilities, the techniques used to exploit them, and the means by which attackers maintain control once they gain access. When you know how they get in, you'll know how to keep them out.
See what makes Mac OS® X unique, what security improvements were added with Leopard®, and where vulnerabilities lie
Explore uncommon protocols—Bonjour®, the QuickTime® file format, and RTSP
Look for bugs in Apple's source code or use a black box technique such as fuzzing
Examine stack overflow and heap overflow attacks directed at PowerPC and x86 architectures, as well as shellcodes and payloads
Learn to inject code into running processes and how attackers use this technique
Understand Mac OS X-specific rootkit techniques
About the Author
CharlIe Millerwon the second CanSecWest Pwn2Own contest in 2008 and was named one of the Top 10 Computer Hackers of 2008 by Popular Mechanics.
Dino Dai Zovi won the first CanSecWest Pwn2Own contest in 2007 and was named one of the 15 Most Influential People in Security by eWEEK.
Product Details
Would you like to update product info or give feedback on images?
|
More About the Authors
Discover books, learn about writers, read author blogs, and more.
Customer Reviews
|
Share your thoughts with other customers:
|
||||||||||||||||||||||
|
Most Helpful Customer Reviews
14 of 14 people found the following review helpful:
5.0 out of 5 stars
The best Mac security reference,
By
This review is from: The Mac Hacker's Handbook (Paperback)
The Mac Hacker's Handbook is the best reference for Mac-specific attack information that I have found. At 368 pages, it may appear small compared to the typical 750+ page security tome. That's because the authors have done a near-perfect job of sticking to the topic at hand, the Mac. The authors do not succumb to the usual temptation to try and teach assembly language or reverse engineering. Rather, they do an excellent job touching on those topics in an OS X context, and assume the reader has a little background in that area already, or can otherwise keep up. I have done some limited research into the areas of Mac malware and process injection in the past. This book has done a fantastic job of filling in many holes in my knowledge that I hadn't been able to take care of before. Plus, it introduced me to a number of Mac-specific security features I wasn't aware of before. Highly recommended for anyone interested in Mac security.
11 of 11 people found the following review helpful:
3.0 out of 5 stars
Good book but needs an update,
By
Amazon Verified Purchase(What's this?)
This review is from: The Mac Hacker's Handbook (Paperback)
The Mac Hacker's Handbook covers a lot of useful technical topics surrounding vulnerability analysis and exploit development for Mac OS X. That said, it doesn't so much teach you directly, as guide your learning. For example, it introduces the use of DTrace on OS X for dynamic analysis. It makes a very good case for DTrace's usefulness in reverse engineering, and for you to go out on your own and learn about it. Its DTrace examples aren't really freestanding, and require some background that you must get yourself. If the book were to give you the necessary background on every topic it introduces, it would be an enormous tome, and the authors probably would still be writing it.
Think of the book as explaining to you what all tools you need in your Mac hacking toolbox and why you need them, and how to put them together once you have them. It's up to you do go develop those skills on your own. The biggest shortcoming of the book, however, is it is out of date. The concepts are sound and still very applicable, but the examples are written for OS X 10.5. Most do not work on Snow Leopard. Many you can get to work if you go out and beat the pavement trying to figure them out. I recommend this, but be aware, your progress through the book will be slow going as you get bogged down trying to figure out how to adapt each example so that it works. This book succeeds if taken for what it is: a guide for your learning. You'll need to invest a fair amount of sweat equity to get the most out of it, though.
7 of 8 people found the following review helpful:
5.0 out of 5 stars
Breaks new ground into the Mac,
By
This review is from: The Mac Hacker's Handbook (Paperback)
As a security professional Mac's are an interesting subject. They combine many of the best features from other operating systems into a wonderful package. I purchased a Macbook during a pen test about 8 months ago and have been in love with it since then. Before this book looking at security on Apple products was a difficult dive into the unknown. Charlie and Dino have done a lot of hard work and figured out the internals of OS X as related to security. They clearly present what's going inside the OS and how they learned the internals. This enables other security professionals to follow their method to both gain better understanding and to know what's wrong when something inevitably changes.
I'd definitely recommend this book for experienced security professionals looking to do exploit development on the Mac.
Share your thoughts with other customers: Create your own review
|
|
Inside This Book
(learn more)
Key Phrases - Statistically Improbable Phrases (SIPs):
(learn more)
finding bugs, atom type, library randomization, sysent table, mtspr ctr, debug deny, useful instruction sequences, mou eax, heap metadata, ctr register, msf exploit, gword ptr, heap spray, overwritten return address, exploit payloads, bundle injection, cont continuing, attack string, dword ptr, compatibility version, push dword, oneway void, xor eax, show warranty, stack buffer overflow Key Phrases - Capitalized Phrases (CAPs): (learn more)
Pai Mei, Discovering Vulnerabilities, Exploiting Stack Overflows, Real-World Exploits, Reverse Engineering, General Public License, Free Software Foundation, Exploiting Heap, Exception Type, Exception Codes, Dino Dai Zovi, Thread State, Charlie Miller, Darwin Streaming Server, Tue Oct, Guard Malloc, The Art of Assembly Language, Crashed Thread, Black Hat, Metasploit Framework, Systems Approach, Unicode Encodings, Content Type, Domain Service Type Instance Name, Internet Protocol Browse Sample Pages:
Front Cover | Table of Contents | First Pages | Index | Back Cover | Surprise Me!
finding bugs, atom type, library randomization, sysent table, mtspr ctr, debug deny, useful instruction sequences, mou eax, heap metadata, ctr register, msf exploit, gword ptr, heap spray, overwritten return address, exploit payloads, bundle injection, cont continuing, attack string, dword ptr, compatibility version, push dword, oneway void, xor eax, show warranty, stack buffer overflow Key Phrases - Capitalized Phrases (CAPs): (learn more)
Pai Mei, Discovering Vulnerabilities, Exploiting Stack Overflows, Real-World Exploits, Reverse Engineering, General Public License, Free Software Foundation, Exploiting Heap, Exception Type, Exception Codes, Dino Dai Zovi, Thread State, Charlie Miller, Darwin Streaming Server, Tue Oct, Guard Malloc, The Art of Assembly Language, Crashed Thread, Black Hat, Metasploit Framework, Systems Approach, Unicode Encodings, Content Type, Domain Service Type Instance Name, Internet Protocol Browse Sample Pages:
Front Cover | Table of Contents | First Pages | Index | Back Cover | Surprise Me!
What Other Items Do Customers Buy After Viewing This Item?
Tags Customers Associate with This Product(What's this?)Click on a tag to find related items, discussions, and people.
|
Customer Discussions
|
This product's forum
Active discussions in related forums
Search Customer Discussions
|
Related forums
|
Listmania!
So You'd Like to...
Look for Similar Items by Category
- Books > Computers & Technology > Apple > Mac Administration
- Books > Computers & Technology > Apple > Mac OS X
- Books > Computers & Technology > Business & Culture > Hacking
- Books > Computers & Technology > Networking
- Books > Computers & Technology > Operating Systems > MacOS
- Books > Computers & Technology > Security & Encryption
- Books > New & Used Textbooks > Computer Science > Operating Systems
