Merry Christmas or whatever applies or not to your particular case, and much more important, Happy New Year!
The world is messed up and it will probably get worse in 2012. Cheer up and be positive!
Let me write some quick notes about some stuff:
– Take a look at Snare’s presentation about OS X rootkits! Available in the Papers section or here.
– Check out the fantastic Hopper disassembler and decompiler here or at the Mac App Store. It’s cheap and it’s great! I was quite surprised by its quality, since such a tool involves a considerable amount of work!
– I have made a quick patch for MachOView to support the LC_ENCRYPTION_INFO command. Grab it here. Applies to the latest SVN version.
– The papers section is updated and better organized. It’s quite a collection!
– @DarkLapu has a new blog featuring a few Mac malware posts. Check it out here – great to see more work being published.
I did some analysis of Flashback-G, but I have to ask the person who submitted the sample if I can write about it. It has what I think will be (“cool”) features to be implemented in the near future. By the way, Flashback author, I would love to have a talk with you. My PGP key is on the About page, total confidentiality guaranteed! I am just curious about some things in your code 😉
– @hellais started a sandbox profiles project! The url is https://github.com/hellais/Buckle-Up. Glad to see new stuff coming up.
– Hmm, I think I am forgetting something else…
I have been working on some interesting stuff related to anti-debugging, rootkits and malware. Maybe I will try to make a presentation of this and submit it somewhere, or just publish it here. In 2012 I have to (well, I should) move my ass into a job and stop my damn busy and too fun unemployment status, so let’s see where this ends.
Happy New Year! In crisis lies opportunity.
Live a long and prosperous life, and more importantly, enjoy it!