Advanced Mac OS X Rootkits released

At BlackHat USA 2009, Dino Zovi presented “Advanced Mac OS X Rootkits†covering a number of Mach-based rootkit techniques and some tools that he has developed to demonstrate them. While the majority of Mac OS X rootkits employ known and traditional Unix-based rootkit techniques, these Mach-based techniques show what else is possible using the powerful Mach abstractions in Mac OS X.

The presentation covered a number of Mach-based rootkit tools and techniques including user-mode Mach-O bundle injection, Mach RPC proxying, in-kernel RPC server injection/modification, and kernel rootkit detection.

Find here the complete article along with code source of the rootkit.

Post scriptum


Related Articles