| Title |
Runtime Kernel Patching on Mac OS X |
| Type |
Video
|
| Tags |
kernel
exploiting
Mac OS X
|
| Abstract |
This talk will focus on rootkit development on Mac OS X. It will cover the basics as well as a couple of (somewhat) new tricks. We will also talk about rootkit detection on Mac OS X. Runtime kernel patching has been around for almost ten years and is a technique frequently used by various rootkits to subvert the kernel's used in many modern operating systems. This technique does not require any types of kernel modules or extensions and will allow you to hide various things like processes, files, folders and network connections by modifying the kernel's memory directly. It will also allow you to place various backdoors in the kernel for privilege escalation. This talk will discuss runtime kernel patching on Apple's operating system Mac OS X and the XNU kernel. We will cover some rootkit basics as well as some Mac OS X specific 'features' which will facilitate our journey into the deepest parts of the darwin operating system and the XNU kernel. As a bonus we will also show some basic methods for rootkit detection on Mac OS X that will aid you in the process of detecting rootkits that utilize runtime kernel patching to stay hidden.
|
| Authors |
Bosse Eriksson
|
| Submitted |
October 08, 2009 |
| Rating |
Currently 0/5 stars (0 votes).
|
| Correlation |
| Linked to |
|
| Event |
HAR 2009
|
| Resource |
---
|
| Download |
| Source |
268_l2208_Runtime_Kernel_Patching_on_Mac_OS_X.mp4 |
| Size |
166.8 MB |
| MD5 |
042fcc2396bf855502a72a024b71d531 |
| SHA1 |
4235cfb2864a0c6f56a7707926029463dfa293da |
top
