The last SyScan is almost here, so it’s time to get on a plane again and travel to Singapore.
This means that the slides and source code can finally be released. Below you can find the archive with the slides for both presentations (they are slightly different; the SyScan version fixes/upgrades a few things) and the full source code for both rootkit/kext loaders.
I hope you enjoy them; they are quite fun techniques, in particular the second one which now I sort of regret to disclose because it’s so cool.
I’ve also written a book chapter about both techniques (53 pages before editing) which adds a few more tricks. I’m working on the book so hopefully it will finally come out this year.
The archive password will be released on the day of my presentation (27th March), so keep an eye on Twitter and the SyScan website. If you crack it before that, keep its contents private ;-).
If you are at SyScan feel free to have a chat. I’m there to meet new people and also learn.
Hope you enjoy,
Update: The archive password is “syscan_rules_blackhat_sucks!”.
The final version presented at SyScan (really minor changes) can be downloaded here.
The full source code is available at GitHub, diagnostic_service and diagnostic_service2.