Applications on macOS use a common and flawed method of loading dynamic libraries (dylib), which leaves them vulnerable to a post-exploitation technique known as dylib hijacking. Dylib hijacking is a technique used to exploit this flawed loading method in order to achieve privilege escalation, persistence, or the ability to run arbitrary code. This talk provides an overview of the attack vector and the process involved in exploiting vulnerable applications. Additionally, the process of automating the exploitation of vulnerable applications will be demonstrated and discussed in depth.

Jimi Sebree

Jimi Sebree is a senior security research engineer on Tenable’s Zero Day Research team. With a strong background in software engineering and security, he bounces between research disciplines in an effort to appear knowledgeable about a variety of topics. Occasionally he succeeds in tricking someone into listening to his ramblings.