Advanced Mac OS X Rootkits.pdf - Reverse Engineering Mac OS X
Evasive Maneuvers
• Unix system call filtering can’t evade Mach kernel RPC (different interface)
• There’s no reason why kernel rootkits need to be loaded as Mach-O objects
  – vm_allocate() + thread_create() on kernel task
  – DKOM, return-oriented rootkits, etc.
• Alternatively, filter in-kernel Mach RPC servers