
Runtime Kernel Patching on Mac OS X

Type: Video
Tags: exploiting, kernel, Mac OS X
Authors: Bosse Eriksson
Event: HAR 2009
Indexed on: Mar 25, 2013
URL: http://ftp.selfnet.de/videos/har2009/268_l2208_Runtime_Kernel_Patching_on_Mac_OS_X.mp4
File name: 268_l2208_Runtime_Kernel_Patching_on_Mac_OS_X.mp4
File size: 166.8 MB
MD5: 042fcc2396bf855502a72a024b71d531
SHA1: 4235cfb2864a0c6f56a7707926029463dfa293da

This talk will focus on rootkit development on Mac OS X. It will cover the basics as well as a couple of (somewhat) new tricks. We will also talk about rootkit detection on Mac OS X.

Runtime kernel patching has been around for almost ten years and is a technique frequently used by various rootkits to subvert the kernels used in many modern operating systems. This technique does not require any type of kernel module or extension and will allow you to hide various things like processes, files, folders and network connections by modifying the kernel's memory directly. It will also allow you to place various backdoors in the kernel for privilege escalation. This talk will discuss runtime kernel patching on Apple's operating system Mac OS X and the XNU kernel. We will cover some rootkit basics as well as some Mac OS X specific 'features' which will facilitate our journey into the deepest parts of the Darwin operating system and the XNU kernel. As a bonus we will also show some basic methods for rootkit detection on Mac OS X that will aid you in the process of detecting rootkits that utilize runtime kernel patching to stay hidden.
