Skip to main content
A Mac OS X Rootkit Uses the Tricks You Haven’t Known Yet 3 - Benefits of the Host Privilege

A Mac OS X Rootkit Uses the Tricks You Haven’t Known Yet 3 - Benefits of the Host Privilege

This part of the Black Hat presentation by representatives of the Team T5 Research is dedicated to nuances of host privilege on Mac OS X and what can be done with it. In particular, the ways of granting such permissions to a normal user are highlighted. Additionally, the experts describe a method for bypassing the kernel module verification and show the process of loading kernel module in a demo.

John Dee
John Dee
5.0K
A Mac OS X Rootkit Uses the Tricks You Haven’t Known Yet 2 - Detecting a Process Hidden by Rubilyn

A Mac OS X Rootkit Uses the Tricks You Haven’t Known Yet 2 - Detecting a Process Hidden by Rubilyn

Taiwanese researcher Sung-ting Tsai, aka TT, now delves deeper into the ins and outs of process hiding on Mac OS X, in particular through the use of the Rubilyn rootkit. The flip side of the coin, that is, detecting a process that had been hidden, is analyzed as well to show how user mode can be helpful in this context. For the purpose of visualization, there are demos demonstrating these tricks in action.

John Dee
John Dee
9.4K
You Can’t See Me: A Mac OS X Rootkit Uses the Tricks You Haven’t Known Yet

You Can’t See Me: A Mac OS X Rootkit Uses the Tricks You Haven’t Known Yet

During their presentation at Black Hat Asia 2014, researchers from Team T5 Sung-ting Tsai and Ming-chieh Pan demonstrate some tricks for advanced process hiding in Mac OS X. In essence, this is activity powered by a rootkit, such as Rubilyn, which can make an arbitrary process not visible in the standard way. TT and Nanika also highlight methods for direct kernel task access and gaining root permission.

John Dee
John Dee
5.5K
Bitdefender Antivirus for Mac review

Bitdefender Antivirus for Mac review

In the framework of the constantly expanding range of security tools for Mac OS X, Bitdefender Antivirus for Mac sports out-of-the-common protection efficiency attained without noticeable consumption of system resources.

John Dee
John Dee
4.6K
Injecting Malware into iOS Devices via Malicious Chargers 5 - Problems and Fixes

Injecting Malware into iOS Devices via Malicious Chargers 5 - Problems and Fixes

Having described the Mactans attack in every detail, including the demonstration of how it works in practice, researchers from the Georgia Institute of Technology now shift the focus over to the issues that might make the attack using Mactans charger problematic. These five hurdles are extensively analyzed here, with possible fixes being proposed as well.

John Dee
John Dee
3.2K
Injecting Malware into iOS Devices via Malicious Chargers 4 - Pulling off the Mactans Attack

Injecting Malware into iOS Devices via Malicious Chargers 4 - Pulling off the Mactans Attack

Yeongjin Jang and Billy Lau move on with the presentation of the Mactans charger and the way it can be used to deploy an actual attack on an arbitrary iOS based device. In this part the researchers show a demo reflecting the actual process where a legitimate app gets replaced with a malicious one which then gets executed in the background without user awareness. Additionally, several attack scenarios are described.

John Dee
John Dee
3.3K