DE MYSTERIIS DOM JOBSIVS Mac EFI Rootkits - Reverse ...
DE MYSTERIIS DOM JOBSIVS Mac EFI Rootkits - Reverse ...
DE MYSTERIIS DOM JOBSIVS Mac EFI Rootkits - Reverse ...
- No tags were found...
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
ATTACKING THE KERNEL‣ Patch the kernel from <strong>EFI</strong>‣ Find some place to put code‣ Hook some kernel functionality‣ Get execution during kernel init‣ Party‣ It’s not loaded when we get loaded‣ So how do we trojan the kernel?‣ Wait until it is loaded, then POUNCE‣ ExitBootServices()WHAT CAN WE DO?De Mysteriis Dom Jobsivs - Black Hat USA2012