Play all

Introduction

Overview

Why Care

Mac Malware

XSL CMD

AI Worm

Why

Hacking Teams

Conclusions

Our Goal

Infection

Software Distribution

Persistence

Binary Infection

How Secure Is It

Removing The Signature Block

Dialit Hijacking

Persistence Example

Self Defense

Encryption

Custom Loader

InMemory File Loader

Hiding Die Libraries

Making Malware Harder To Delete

SelfMonitoring

Architecture

Shell Code

Inject

Runtime Injection

Load Time Injection

Gatekeeper

How Gatekeeper Works

How Gatekeeper Doesnt Work

How Gatekeeper Works Again

Popups

XProtect

Hash

Sandbox

Kernel Code Signing

Loading Unsigned Extensions

Root Pipe

Root

Static signatures

Little Snitch

GBGKeychain

iCloud Bypass

Proof of Concept

Testing

Security

KnockKnock

Virus Total Integration

BlockBlock

Task Explorer

El Capitan

Demo

Conclusion

Description:

Explore advanced techniques for creating sophisticated OS X malware and learn how to better secure your Mac in this 52-minute Black Hat conference talk. Delve into novel persistence methods, abuse of native OS X components to hinder analysis, and ways to bypass OS X's built-in malware mitigations and third-party security tools. Discover how to remotely bypass Gatekeeper, circumvent Apple's 'rootpipe' patch, and generically bypass popular antivirus and personal firewall products. Gain insights into infection methods, software distribution, binary infection, and self-defense mechanisms employed by malware. Learn about runtime injection, load-time injection, and techniques to exploit vulnerabilities in OS X security features. Conclude with an introduction to free security tools that can detect and prevent advanced OS X threats, empowering you to enhance your Mac's protection against current and future malware.

Writing Badass Malware for OS X

Black Hat

Add to list

#Conference Talks #Black Hat #Computer Science #Cryptography #Encryption #Information Security (InfoSec) #Cybersecurity #Threat Detection #Malware Development