SyScan13: Revisiting Mac OS X Rootkits presentation

SyScan 2013, 10th anniversary edition is over! It is a great conference and I hope it does not end here. I had lots of fun and met new interesting people. Thomas is an awesome host! It helps that I really like Singapore and Asia in general.

My presentation was about Mac OS X kernel rootkits based on the article I submitted to Phrack. Because Phrack is late, I was trying to postpone public availability of my slides. I will also do the “same” presentation at NoSuchCon on the 17th May. The slides were made available at SyScan site so there is no point in holding out anymore. The version available here is the most recent version with some additional changes I did before presentation, and some others after presentation feedback to clarify some points. Thanks to Igor from Hex-Rays, A. Ionescu, and Shane (my assigned drone controller).

The main goal is to show how easy it is to improve OS X rootkits quality, and that we need to invest time (& money) to research and develop detection and protection tools. Nemo also presented about DTrace rootkits at Infiltrate’13, and we (nemo, snare, and I) are starting to write a book about OS X rootkits. Hopefully this should bring some fresh blood to the OS X rootkit scene.

Phrack should be out one of these days – then you can enjoy the long article and sample rootkit source code!


SyScan 13 Presentation slides