The last SyScan is almost here, so it’s time to get on a plane again and travel to Singapore.
This means that the slides and source code can finally be released. Below you can find the archive with both presentations’ slides (they are slightly different; the SyScan version fixes/upgrades a few things) and full source code for both rootkit/kext loaders.
I hope you enjoy them; they are quite fun techniques, in particular the second one, which I now sort of regret disclosing because it’s so cool. I’ve also written a book chapter about both techniques (53 pages before editing) which adds a few more tricks. I’m working on the book, so hopefully it will finally come out this year.
The archive password will be released on the day of my presentation (27th March), so keep an eye on Twitter and the SyScan website. If you crack it before that, keep its contents private.
If you are at SyScan feel free to have a chat. I’m there to meet new people and also learn.
Hope you enjoy,
You can find the files below; the archive was removed.
The final version presented at SyScan can be downloaded here.
And the CodeBlue 2014 version here.
The full source code is available on GitHub: diagnostic_service and diagnostic_service2.