This talk will be equal parts runtime manipulation of OS X processes via Python, and post exploitation. The flow of the talk will go over using Python to make native library calls on OS X, the limitations and theroies behind doing so. Finally, the talk will demonstrate how the aforementioned techniques can be applied in post-exploitation scenarios by penetration testers to gather useful information on compromised OS X systems. The highlight of this talk will be a demonstration of Meterpreter's first ever non-Windows support for Railgun functionality, allowing pentesters to use the Metasploit framework and all new post modules for OS X hosts.

Attendees will leave the talk with an understanding of using Python to script interfaces to OS X native libraries and what useful things can be done by doing so for post exploitation activities.

As a member of the Research and Development team at SecureState, Spencer McIntyre works to discover vulnerabilities within organizations systems and understand the underlying risks. Mr. McIntyre balances his focus between vulnerability and in-house tool development. During his time with SecureState, Mr. McIntyre has worked with a variety of clients across multiple industries, giving him experience in how each secures their data and the threats that they encounter. Mr. McIntyre uses his background in software development to help him to understand and exploit the underlying logic in the software he encounters. He is active in the open source community, making multiple contributions to a variety of projects such as the Metasploit Framework.

Back to Bsides Cleveland 2017 video list