Defiling Mac OS X - Ruxcon - Reverse Engineering Mac OS X - PUT ...

TECHNIQUES

TRUSTEDBSD HOOKS

TrustedBSD = the kernel's Mandatory Access Control (MAC) framework

‣ Best known through “Seatbelt” (Sandbox.kext), which is a policy module built on top of it

‣ A policy registers a set of handlers (hooks) to enforce its rules

‣ Handlers get called from various syscalls (Mach & BSD) and kernel subsystems

‣ Each handler returns allow (0) or deny (an errno) for the requested action

‣ Can be abused as a kernel entry point

‣ Register a callback for task_for_pid() (the mpo_proc_check_get_task hook)

‣ It runs in the kernel every time task_for_pid() is called from userland

‣ Check some identifying factor (caller name, a magic pid, ...) & do something cool

‣ See http://reverse.put.as for this tekniq
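The technique the slide sketches, as an added example that is not code from the slides or from reverse.put.as: a kext that registers a MAC policy whose only hook is mpo_proc_check_get_task, the hook XNU invokes from task_for_pid(). The policy name, the trigger process name (TFP_TRIGGER_COMM), the magic pid, the protected pid and the tfp_entry_action payload are assumptions chosen for illustration; the registration API and hook signature follow XNU's security/mac_policy.h of the Snow Leopard/Lion era. Built with -DKERNEL the kernel glue is compiled; built without it only the decision logic is compiled, so the policy can be exercised in userland.

```c
/*
 * tfp_hook.c: a TrustedBSD MAC policy that hooks task_for_pid() through
 * mpo_proc_check_get_task. Decision logic is kept separate from the kernel
 * glue so it can be built and tested outside XNU.
 */
#include <string.h>

#ifdef KERNEL
#include <sys/systm.h>
#include <sys/proc.h>
#include <sys/kauth.h>
#include <sys/errno.h>
#include <mach/mach_types.h>
#include <security/mac_policy.h>
#else
#include <errno.h>
#define MAXCOMLEN 16                    /* XNU's p_comm length, for the userland build */
#endif

#define TFP_PROTECTED_PID 4242          /* assumption: a pid nobody may get a task port for */
#define TFP_TRIGGER_COMM  "tfpknock"    /* assumption: caller name that activates the entry point */
#define TFP_MAGIC_PID     0x7a7a        /* assumption: target pid the trigger process asks for */

/* Records how often the entry point fired; stands in for "something cool". */
static int tfp_hits;

int tfp_hit_count(void)
{
    return tfp_hits;
}

/* In-kernel action run when the identifying factor matches (assumed payload). */
static void tfp_entry_action(void)
{
    tfp_hits++;
}

/*
 * Pure decision logic shared by the hook and the userland test.
 *   caller_comm: p_comm of the process that called task_for_pid()
 *   target_pid : the pid it asked for
 * Returns 0 to allow, EPERM to deny.
 */
int tfp_decide(const char *caller_comm, int target_pid)
{
    /* Identifying factor: a known caller name plus a magic pid. */
    if (strncmp(caller_comm, TFP_TRIGGER_COMM, MAXCOMLEN) == 0 &&
        target_pid == TFP_MAGIC_PID) {
        tfp_entry_action();
        return 0;                       /* hand control back to task_for_pid() */
    }
    /* Ordinary policy enforcement: protect one pid from task_for_pid(). */
    if (target_pid == TFP_PROTECTED_PID)
        return EPERM;
    return 0;                           /* do not interfere with anything else */
}

#ifdef KERNEL
/* XNU calls this hook from task_for_pid(); the current proc is the caller. */
static int tfp_proc_check_get_task(kauth_cred_t cred, struct proc *p)
{
    char comm[MAXCOMLEN + 1];
    (void)cred;
    proc_selfname(comm, sizeof(comm));  /* name of the calling process */
    return tfp_decide(comm, proc_pid(p));
}

static struct mac_policy_ops tfp_ops = {
    .mpo_proc_check_get_task = tfp_proc_check_get_task,
};

static struct mac_policy_conf tfp_conf = {
    .mpc_name            = "tfp_hook",
    .mpc_fullname        = "task_for_pid hook demo",
    .mpc_labelnames      = NULL,
    .mpc_labelname_count = 0,
    .mpc_ops             = &tfp_ops,
    .mpc_loadtime_flags  = MPC_LOADTIME_FLAG_UNLOADOK,
    .mpc_field_off       = NULL,
    .mpc_runtime_flags   = 0,
};

static mac_policy_handle_t tfp_handle;

/* kext entry points; point the kext's start/stop symbols at these. */
kern_return_t tfp_hook_start(kmod_info_t *ki, void *d)
{
    (void)ki; (void)d;
    return mac_policy_register(&tfp_conf, &tfp_handle, NULL) == 0
           ? KERN_SUCCESS : KERN_FAILURE;
}

kern_return_t tfp_hook_stop(kmod_info_t *ki, void *d)
{
    (void)ki; (void)d;
    return mac_policy_unregister(tfp_handle) == 0 ? KERN_SUCCESS : KERN_FAILURE;
}
#endif
```

Once loaded, any process named tfpknock that calls task_for_pid(mach_task_self(), 0x7a7a) runs tfp_entry_action() in the kernel, and every caller is refused a task port for pid 4242. Two caveats a practitioner should keep in mind: a MAC hook can only veto, so returning 0 hands control back to task_for_pid(), whose own uid and entitlement checks still run, which means the trick buys kernel code execution on a userland-triggered event rather than a bypass of those checks; and mac_policy_unregister() only succeeds for policies registered with MPC_LOADTIME_FLAG_UNLOADOK, so without that flag the kext cannot be unloaded cleanly.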

Defiling Mac OS X - Ruxcon

November, 2011
