De Mysteriis Dom Jobsivs - Mac EFI Rootkits

Black Hat via YouTube

Overview

Explore the intricacies of EFI-based rootkits in Mac systems through this comprehensive Black Hat USA 2012 conference talk. Delve into the EFI architecture, its functionality, and potential exploitation methods for injecting code into the Mac OS X kernel or launching direct user attacks. Gain insights into kernel payload operations and various rootkit techniques applicable within the XNU kernel. Examine the persistence possibilities offered by EFI for rootkit developers. The talk is suitable for audiences without extensive EFI knowledge and gives a thorough understanding of EFI's role in modern Mac OS X rootkits. The presentation covers topics such as EFI architecture, kernel attacks, persistence mechanisms, evil maid attacks, and defense strategies, concluding with valuable references for further exploration.

Syllabus

Intro
INTRODUCTION
WHAT'S AN EFI? AND WHY DO I CARE?
EFI ARCHITECTURE
DOING BAD THINGS WITH EFI
ATTACKING THE KERNEL
PERSISTENCE
EVIL MAID ATTACKS
DEFENCE
IN CONCLUSION...
REFERENCES

Taught by

Black Hat
