Delve into a comprehensive exploration of Mac OS X 10.10 Yosemite's security landscape in this 57-minute Black Hat conference talk by Sung-ting Tsai and Ming-chieh Pan. Begin with a review of Yosemite's new features and security improvements, analyzing their impact from both defensive and offensive perspectives. Discover the problems solved, new issues introduced, and existing vulnerabilities that remain exploitable. Progress to an in-depth examination of various methods to abuse Mac OS X 10.10, including demonstrations of malware and rootkit execution. Learn about cutting-edge offensive techniques in both kernel and user modes, such as loading unsigned kernel modules without triggering warnings, manipulating kernel objects to evade detection, and implementing stealthy malware launch methods. Gain insight into a newly released security tool, SVV-X (System Virginity Verifier for Mac OS X), designed to comprehensively scan for rootkits and system abnormalities. Explore its capabilities, including checks for syscall table hooks, mach trap modifications, IDT table alterations, critical data verification, kernel code integrity, and various user mode exploits.
Overview
Syllabus
Exploring Yosemite: Abusing Mac OS X 10.10
Taught by
Black Hat