Syllabus
Introduction
Overview
Why Care
Mac Malware
XSLCmd
iWorm
Why
Hacking Team
Conclusions
Our Goal
Infection
Software Distribution
Persistence
Binary Infection
How Secure Is It
Removing The Signature Block
Dylib Hijacking
Persistence Example
Self Defense
Encryption
Custom Loader
In-Memory File Loader
Hiding Dylibs
Making Malware Harder To Delete
Self-Monitoring
Architecture
Shell Code
Inject
Runtime Injection
Load Time Injection
Gatekeeper
How Gatekeeper Works
How Gatekeeper Doesn't Work
How Gatekeeper Works Again
Popups
XProtect
Hash
Sandbox
Kernel Code Signing
Loading Unsigned Extensions
Rootpipe
Root
Static signatures
Little Snitch
GPG Keychain
iCloud Bypass
Proof of Concept
Testing
Security
KnockKnock
VirusTotal Integration
BlockBlock
Task Explorer
El Capitan
Demo
Conclusion
Q&A
Taught by
Black Hat