This talk will focus on rootkit development on Mac OS X. It will cover the basics as well as a couple of (somewhat) new tricks. We will also talk about rootkit detection on Mac OS X. Runtime kernel patching has been around for almost ten years and is a technique frequently used by various rootkits to subvert the kernel's used in many modern operating systems. This technique does not require any types of kernel modules or extensions and will allow you to hide various things like processes, files, folders and network connections by modifying the kernel's memory directly. It will also allow you to place various backdoors in the kernel for privilege escalation. This talk will discuss runtime kernel patching on Apple's operating system Mac OS X and the XNU kernel. We will cover some rootkit basics as well as some Mac OS X specific 'features' which will facilitate our journey into the deepest parts of the darwin operating system and the XNU kernel. As a bonus we will also show some basic methods for rootkit detection on Mac OS X that will aid you in the process of detecting rootkits that utilize runtime kernel patching to stay hidden.
Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.
Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.