19th-20th November 2011 - Melbourne, Australia
I thought it would be fun and educational to write a kernel rootkit for Mac OS X. Having never messed around in kernel memory before, I found it quite an enlightening experience. OS X is similar enough to FreeBSD that a lot of the same techniques apply, but different enough that there are a few surprises in store. I'll show you how some common kernel rootkit techniques are implemented on OS X, which techniques Apple have broken, and hand-wave a bit about the possibilities for rootkit persistence presented by the EFI firmware used in current Macs.
Once upon a time, snare was a code-monkey, cranking out everything from pre-press automation apps to firmware for Big F***ing Laser Machines. Then he got bored and decided to try his hand at the high-flying, buzzword-ridden world of Information Security. A couple of thousand "weak SSL ciphers" write-ups and a triple bypass later, here he is.