Explore the intricacies of EFI-based rootkits on Mac systems through this Black Hat USA 2012 conference talk. Delve into the EFI architecture, how it works, and how it can be exploited to inject code into the Mac OS X kernel or to attack the user directly. Gain insights into kernel payload operations and various rootkit techniques applicable within the XNU kernel. Examine the persistence possibilities that EFI offers rootkit developers. The talk is suitable for audiences without extensive EFI knowledge and gives a thorough understanding of EFI's role in modern Mac OS X rootkits. The presentation covers EFI architecture, kernel attacks, persistence mechanisms, evil maid attacks, and defense strategies, and concludes with references for further exploration.