Gatekeeper Exposed
come, see, conquer!
@patrickwardle

WHOIS
security for the 21st century
"leverages the best combination of humans and technology to discover security vulnerabilities in our customers' web apps, mobile apps, IoT devices and infrastructure endpoints"
career / hobby
@patrickwardle

SYNACK & THE SYNACK RED TEAM (SRT)
join, find bugs, profit!
signup -> pass -> find bugs -> get paid!
why? smaller 'crowd' + larger customers = more, higher, faster payouts

OUTLINE
all aspects of gatekeeper:
- understanding Gatekeeper
- bypassing
- fixing

UNDERSTANDING GATEKEEPER
...under the hood

LIFE BEFORE GATEKEEPER
countless OS X users infected
...os x trojans everywhere? everywhere!
(timeline figure, 2006-2012: jahlav-a, devilrobber, PDF, rkosx-a, opinionspy, revir, hovdy-a, boonana, qhost, leap-a, rsplug, macsweeper, iworks-a, pinhead, macdefender; then gatekeeper)

GATEKEEPER AIMS TO PROTECT
as there is no patch for human stupidity ;)
Gatekeeper is a built-in anti-malware feature of OS X (10.7+)
"If a [downloaded] app was developed by an unknown developer—one with no Developer ID—or tampered with, Gatekeeper can block the app from being installed" -apple.com
(settings figure: "only option!")
TL;DR: block unauthorized code from the internet

GATEKEEPER PROTECTS USERS
"Gatekeeper Slams the Door on Mac Malware Epidemics" -tidbits.com
...from low-tech adversaries: rogue "AV" products, fake installers/updates, fake codecs, infected torrents
poor naive users!

GATEKEEPER PROTECTS USERS
...from high-tech adversaries
Q1 2015: all security software I downloaded -> served over HTTP :(
(my dock: LittleSnitch, ClamXav, Sophos)
MitM + infect insecure downloads

HOW GATEKEEPER WORKS
an overview
iff quarantine attribute is set!
quarantine attribute added:
//attributes
$ xattr -l ~/Downloads/malware.app
com.apple.quarantine:0001;534e3038;Safari;B8E3DA59-32F6-4580-8AB3...
(figures: quarantine attributes, gatekeeper settings, gatekeeper in action)

EXTENDED FILE ATTRIBUTES
simply put; file metadata
"Mac OS X & iOS Internals", Jonathan Levin

extended attr. (com.apple.*)   brief details
FinderInfo                     information for Finder.app (such as folder colors)
metadata                       Spotlight data, such as download location & version info
quarantine                     indicates that file is from an 'untrusted' source (internet)

dump w/ xattr command
$ xattr -l ~/Downloads/eicar.com.txt
com.apple.metadata:kMDItemWhereFroms:
00000000 62 70 6C 69 73 74 30 30 A2 01 02 5F 10 2B 68 74 |bplist00..._.+ht|
00000010 74 70 3A 2F 2F 77 77 77 2E 65 69 63 61 72 2E 6F |tp://www.eicar.o|
00000020 72 67 2F 64 6F 77 6E 6C 6F 61 64 2F 65 69 63 61 |rg/download/eica|
00000030 72 2E 63 6F 6D 2E 74 78 74 5F 10 27 68 74 74 70 |r.com.txt_......|
com.apple.quarantine: 0001;55ef7b62;Google Chrome.app;3F2688DE-C34D-4953-8AF1-4F8741FC1326
dumping quarantine attributes

'FILE QUARANTINE'
realized by the com.apple.quarantine file attribute
note; not gatekeeper
added in Leopard ("file from internet")
//dictionary for quarantine attributes
NSDictionary* quarantineAttributes = nil;
//get attributes
[fileURL
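An added example (not from the slides): a small Python parser for the com.apple.quarantine value dumped by xattr above. It splits the value into flags, download timestamp, downloading agent and UUID, and reads the attribute from a file on macOS with `xattr -p`; reading the first field as hex flags and the second as a hex unix-epoch timestamp is an assumption that matches the sample values (0x55ef7b62 decodes to September 2015).

```python
"""Parse the com.apple.quarantine value dumped by `xattr -l` on the slides.

Layout (assumption, consistent with the sample values shown):
    <flags, hex>;<download time, hex unix epoch>;<downloading agent>;<UUID>
"""
import subprocess
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

QUARANTINE_XATTR = "com.apple.quarantine"

# Constructed sample: the value dumped for eicar.com.txt on the slides.
SAMPLE = "0001;55ef7b62;Google Chrome.app;3F2688DE-C34D-4953-8AF1-4F8741FC1326"

@dataclass
class QuarantineInfo:
    flags: int
    downloaded_at: datetime
    agent: str
    uuid: str

def parse_quarantine(value: str) -> QuarantineInfo:
    """Split the raw attribute value into its four ';'-separated fields."""
    parts = value.strip().split(";", 3)
    if len(parts) != 4:
        raise ValueError(f"unexpected quarantine value: {value!r}")
    flags_hex, ts_hex, agent, uuid = parts
    return QuarantineInfo(
        flags=int(flags_hex, 16),
        downloaded_at=datetime.fromtimestamp(int(ts_hex, 16), tz=timezone.utc),
        agent=agent,
        uuid=uuid,
    )

def read_quarantine(path: str) -> Optional[QuarantineInfo]:
    """Read the attribute via the macOS xattr tool; None when it is absent."""
    # xattr -p exits non-zero when the attribute is missing: that is the case
    # the slides call out (no quarantine attribute, no Gatekeeper check).
    proc = subprocess.run(["xattr", "-p", QUARANTINE_XATTR, path],
                          capture_output=True, text=True, check=False)
    if proc.returncode != 0:
        return None
    return parse_quarantine(proc.stdout)

if __name__ == "__main__":
    info = parse_quarantine(SAMPLE)
    print(f"{info.agent} at {info.downloaded_at:%Y-%m-%d %H:%M:%S} UTC, uuid {info.uuid}")
```

read_quarantine() needs the macOS xattr binary; a file in ~/Downloads that returns None here is one Gatekeeper will never look at.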

