papers.put.as

A collection of papers and presentation slides related to macOS, iOS, and (U)EFI Firmware.

macOS

-=[ Inside Mac OS X - Kernel Environment ]=-

year 2000
by Apple
at n/a
type paper
hash c8a51d3db1deb7e70fee1af708d0b3dfcd7b2996a5ac1af449b23698ddbab50f

-=[ Dynamically Overriding Mac OS X ]=-

year 2003
by Jonathan Rentzsch
at N/A
type paper
hash c64fe59fc7dd7c30b8b4a379ac691c58d5b1c8f213d03e9d162bd8be3fe4c323

-=[ A Debugger with Gui in OS X ]=-

year 2003
by Ivan Krizsan
at N/A
type thesis
hash 183c67089ffc3282e66f6aca23b3a70459bd85d1488808eb38c1eea3e00db796

-=[ Practical Mac OS X Insecurity ]=-

year 2004
by Angelo Laub
at CCC
type slides
hash 039ce00494ca033973d5c934dc1f8fc4c7d3a8a111797aae993e8f3af44f6f37

-=[ MacOS Kernel Insecurity ]=-

year 2005
by Ilja van Sprundel & Christian Klein
at N/A
type slides
hash 3841f97e8f088f4b0373b78148c79dd65233e705867a1276bea32776ccdc6b96

-=[ Infecting the Mach-O Object Format ]=-

year 2005
by Nemo
at N/A
type slides
hash 4fcd6992827fa19b982ba4f92e386ec2d51c9cc40dada4b4c41c14d3e2dec1e8

-=[ Hacking Mac OS X Kernel for unsupported machines ]=-

year 2005
by Ryan Rempel
at N/A
type paper
hash 56a628a4f53c48b5c90a7f4eb031d52a529edb27a02f7ae8fb08ef88c14b184b

-=[ FireWire: All your memory are belong to us ]=-

year 2005
by Michael Becher & Maximillian Dornseif & Christian N. Klein
at CanSecWest
type slides
hash 8783068585b92ee08b2f94de00583cdda4948578421a75ea0ca76dd0e600be81

-=[ Everything You Always Wanted To Know About MIG But Were Afraid to Ask ]=-

year 2005
by Richard P. Draves
at N/A
type slides
hash bb3d118905008489652fcb81c8d34a4331c31ae3859c5a385e311287bc1e2b52

-=[ Breaking Mac OS X ]=-

year 2006
by Nemo & Ilja van Sprundel
at N/A
type slides
hash ce92eb21c9021b8101e8922b32086eba29dba6efa38b8f5b6f778c4c4d39a04e

-=[ Abusing Mach on Mac OS X ]=-

year 2006
by Nemo
at N/A
type paper
hash e161878968e46a4fc93d9ca523ba2ef407c02dbb947e95d616fe230731647556

-=[ Hit by a Bus: Physical Access Attacks with Firewire ]=-

year 2006
by Adam Boileau
at Ruxcon
type slides
hash 7aa79055ea588de8d12db8bf7b2c165f74f7ac75dbccb804c299adaa07bc0d7c

-=[ Hardware Virtualization Rootkits ]=-

year 2006
by Dino Dai Zovi
at BlackHat
type slides
hash a1cd1aaeb9815d6dcac87705ccf09f0f8f7701791bfb71b3dc76dc92d98c9419

-=[ Discovering Mac OS X Weaknesses ]=-

year 2006
by Jay Beale
at Def Con
type slides
hash 072f71c8b0fca8290fe96472ce4aeb0ce4a298f539d8cf8a3f7c4fe971755270

-=[ Hacking Leopard ]=-

year 2007
by Charlie Miller & Jake Honoroff
at N/A
type paper
hash 5999269c67c3b676368a07048518a3f0ee05bb9e88cc5360c7f06132932becbe

-=[ Inside the Mac OS X Kernel ]=-

year 2007
by Lucy
at CCC
type paper
hash 2afd67943cb3f49a48de17b7a4221f78cb21646a7e71a3030a374a6ad40573ae

-=[ Mac OS X FileSystems ]=-

year 2007
by Singh
at N/A
type slides
hash 44320fea2a8c24028cb50d00e1b475183370cc6fd4028a635766601ffa25688e

-=[ Hacking OS X ]=-

year 2008
by Charlie Miller
at BlackHat Japan
type slides
hash c2c514e3484014a467715ce91e983588134b64be3842c64615d66f871b55dd64

-=[ Dtrace The Reverse Engineer’s Unexpected Swiss Army Knife ]=-

year 2008
by Tiller Beauchamp & David Weston
at BlackHat
type paper
hash 968e7ac92d1f5d154cc3f91794a6fb1b8e8e6e0ea781452fa6204c52a857407a

-=[ iRK – Crafting OS X Kernel Rootkits ]=-

year 2008
by Jesse D’Aguanno
at BlackHat
type slides
hash 8f8a97f7c2e5530eaeffa08a256f9ca366229d85984f4c7a93f01f857ec80270

-=[ RETrace – Applied Reverse Engineering on OS X ]=-

year 2008
by Tiller Beauchamp & David Weston
at Def Con
type slides
hash 108654f1e4f5e60d608041242c4f6425c41986cb2ec125df724c282129ccfa29

-=[ Under the iHood ]=-

year 2008
by Cameron Hotchkies
at REcon
type slides
hash 2548ea139d2cfb97af2210d2c5f49e8e1ba35bf16b9151d3e85eb96b45548f57

-=[ Covering the tracks on Mac OS X Leopard ]=-

year 2008
by Charles Scott
at N/A
type paper
hash b51f03196a1da4459633c94909e6bcb94fd944ff684712abd597fe4624681a53

-=[ OS X Rootkits – the next level ]=-

year 2008
by Alfredo Pesoli
at LaCon
type slides
hash f126b723af77a8b5664baf20608e498109953df5bbd35033b7dc6deeaac33835

-=[ How the Leopard hides his spots ]=-

year 2008
by The Grugq
at Hack in the Box KL
type slides
hash a37eef86f2524a5abbfeaa241f5d5b8d6e4292a0f9d2dad3f2c05b950e1ab445

-=[ Advanced Mac OS X Rootkits ]=-

year 2009
by Dino Dai Zovi
at N/A
type paper
hash 428bbe81b69e4874104fd171dfc35f2fe995582ba25fc929b22cf32d9baf0743

-=[ Advanced Mac OS X Rootkits ]=-

year 2009
by Dino Dai Zovi
at N/A
type slides
hash d468cac39b7abbc9e6809e09716d8dd45f74483b8f489a9c5d111795df12f08d

-=[ Runtime Kernel Patching on OS X ]=-

year 2009
by Bosse Eriksson
at Def Con
type slides
hash 43d75e9022f1a13308a8adbf267659afa18933077b1f7b3dd61a64240618868b

-=[ Mac OS Xploitation ]=-

year 2009
by Dino Dai Zovi
at HITB
type slides
hash d1e61cce17b508a4692c8ecf230828af877b14ab9b71a3921cdeb6a758d33155

-=[ Dynamic Tracing for Exploitation and Fuzzing ]=-

year 2009
by Tiller Beauchamp & David Weston
at Shakacon
type slides
hash 9527aa73738bf76241404970fbcdf0f6821513c47e455bc1a75980fcebe9359f

-=[ Mac OS X Malware Analysis ]=-

year 2009
by Joel Yonts
at N/A
type paper
hash 55f9227bc933ada620ab84c3f17ad141c5572c7a59bcf5f464cb0e948d9625eb

-=[ Objective-C Internals ]=-

year 2009
by André Pang
at N/A
type slides
hash 27963eff21e9f5d793a31e65eead085209c22f3cd08935fc1f6e083de7daf920

-=[ Hacking Macs for Fun and Profit ]=-

year 2009
by Dino Dai Zovi & Charlie Miller
at CanSecWest
type slides
hash b4509f8c216f0b0cad50c449795d49a12083659ca715895ef5afd8f88c1411b5

-=[ Mac OS Xploitation ]=-

year 2009
by Dino Dai Zovi
at Source
type slides
hash 79c174d6ed0267cea14997c4e0bf7b233cd18d1fbf7b2c4cc42df0d249e12edc

-=[ Debugging Cocoa with DTrace ]=-

year 2009
by Colin Wheeler
at N/A
type paper
hash 3b4d314aaaa4d9123b660c7fc956bee67b5c9ac37d36623903477dcf3af21165

-=[ Let your Mach-O fly ]=-

year 2009
by Vincenzo Iozzo
at BlackHat DC
type slides
hash 5d07180f904ea5f8447847675a557962f5eeedd51627ddfdc3da7dbfd66dd247

-=[ Dynamically Overriding Mac OS X – Down the Rabbit Hole ]=-

year 2009
by Jonathan Rentzsch
at N/A
type slides
hash e78e7040e028f6c956e5891a9f3c5163c0e89a07b3dc510e74441fa8ccc4467b

-=[ Encryption Wrapper on OSX ]=-

year 2009
by Unknown
at N/A
type slides
hash be87812e729e1b1b360b7ad0506719a92d950db37669f63f9823c01570000cab

-=[ Function hooking for OSX and Linux ]=-

year 2010
by Joe Damato
at N/A
type slides
hash 7d248225c661536d85cc45fef34c444e2e4e437b9dd8b97e809e00cda5b9535f

-=[ Mac Os X Hacking Snow Leopard edition ]=-

year 2010
by Charlie Miller
at N/A
type slides
hash 554f1810c140e4d1c5d539ce2b69615bcc6d62373715f79f6013b9bdb4167b29

-=[ Advanced Mac OS X Physical Memory Analysis ]=-

year 2010
by Matthieu Suiche
at BlackHat DC
type slides
hash c3490def9144f64ab06827859365ad101d42f85cb8b0ef0f64354a5d3117a089

-=[ Advanced Mac OS X Physical Memory Analysis ]=-

year 2010
by Matthieu Suiche
at BlackHat DC
type paper
hash 4123e6127ad80d0bd537f666be4134d7ced03583820670357fdad223b1752aec

-=[ Post exploitation techniques on OSX and Iphone ]=-

year 2010
by Vincenzo Iozzo
at EUSecWest
type slides
hash dcbb98040fd404b94c2e22fcdedb95d59b8ef1172bd1717c0d1b93883277e3d9

-=[ Programacion de rootkits en Mac OS X ]=-

year 2010
by Fernando López Hernández
at N/A
type paper
hash fb242b3fb850b11f26ecd1062c384c79d7426506c6795957ec430b15cefd285c

-=[ Hacking at Mach speed ]=-

year 2010
by Dino Dai Zovi
at N/A
type slides
hash b4190a7b684203045fd55351a8f5171fe6ad251147b08be139667b32f2ed735a

-=[ Mac OS X Return Oriented Exploitation ]=-

year 2010
by Dino Dai Zovi
at N/A
type slides
hash 19ca2cbcf7b4943a27a7f03b9ce620d7508991b28ac5b7807e506bfb5123c3db

-=[ Having Fun with Apples IOKit ]=-

year 2010
by Ilja van Sprundel
at N/A
type slides
hash f430a772300a7d924f8fde0a2e9232aa2f2642dd11d178cfb20a658f1253dd77

-=[ Mach-O Fun ]=-

year 2010
by Michael Feiri
at CocoaHeads
type slides
hash 0c8740f5cc4f30d6e53936c7b8baf60230bf8441004dc59aef9c67584c861855

-=[ Porting Darwin to the MV88F6281 - ARMing the SnowLeopard ]=-

year 2010
by Tristan Schaap
at n/a
type paper
hash 25b3ab7b8169ab3d22049ce1370f330f7869a9e80f0f785e222189fdfe2382b1

-=[ Defiling Mac OS X Kernel Rootkits ]=-

year 2011
by Snare
at Ruxcon
type slides
hash 456b270a40299c07b202d45fdcbd33abcae5a43f597b77e388495795b94a5e50

-=[ Hacking at Mach2 ]=-

year 2011
by Dino Dai Zovi
at N/A
type slides
hash 35280938db10e8a30d802d64908a3038ed7ec6598d847c3733c5011a7dd14260

-=[ The Apple Sandbox ]=-

year 2011
by Dionysus Blazakis
at BlackHat DC
type paper
hash 4b12ed7217d147b36d6a69d146012e0ea5cc9535c5ec00bb1b99260f6585095f

-=[ The Apple Sandbox ]=-

year 2011
by Dionysus Blazakis
at BlackHat DC
type slides
hash 0e411a122eb12ddb7c5575c50ef6e0f0a99476aa98522ee0a4c1bce5bc78691e

-=[ Battery Firmware Hacking ]=-

year 2011
by Charlie Miller
at N/A
type paper
hash 751025b53e646b56f9ac4a18d1ef37e4d59e98cefc97ab6c6a69b22d5ecd2628

-=[ Macs in the Age of APT ]=-

year 2011
by iSEC Partners
at BlackHat
type slides
hash abe56f0b2644b165a6403613d260200b0a91098e22657f3f26bed8ca893eaab5

-=[ Protecting the core – Kernel Exploitation mitigations ]=-

year 2011
by Patroklos Argyroudis & Dimitris Glynos
at BlackHat EU
type slides
hash 696fa702bbb6ba9d152abb56d367afaa5c08d4f674e120586836c3a21bfe06bc

-=[ Protecting the core – Kernel Exploitation mitigations ]=-

year 2011
by Patroklos Argyroudis & Dimitris Glynos
at BlackHat EU
type paper
hash f75609bc5f9baff8f51841f42f976274145fcf686db2d982eeab4f2c77ad0d55

-=[ Mac OS Lion Forensic Memory Acquisition Using IEEE 1394 ]=-

year 2011
by Todd Garrison
at
type paper
hash 921bd956acde1b402f3b89f1131bd5749d06c5630d8fdaf6517ee6e0b47d6131

-=[ Mach Shellcodes and Injectable OS X Rootkits ]=-

year 2011
by Jesse D'Aguanno
at REcon
type slides
hash 8b2e26d1a8ae76f67cb8266753c2f7065da0ae5a079380ae6ab880545a8d6856

-=[ PulseAudio on Mac OS X ]=-

year 2011
by Daniel Mack
at n/a
type paper
hash f50e488fe4e75232aa79ae382ab3fdc8c566aee4db1119e1cea30ff9f4644c9f

-=[ Syscan12 – DE MYSTERIIS DOM JOBSIVS: MAC EFI ROOTKITS ]=-

year 2012
by Snare
at SyScan Singapore
type slides
hash ec2529a1ad164ecf64da8973ee7d7d82b2d93b25bdaa072dee1176ee78c27d5e

-=[ Ruxcon – DE MYSTERIIS DOM JOBSIVS: MAC EFI ROOTKITS ]=-

year 2012
by Snare
at Ruxcon
type slides
hash 405471295c956a1f879a4111932cf122f44a9b9dc3e478bb25ffec733e491df1

-=[ Hack Mac OS X – Tips and tricks for Mac OS X hack ]=-

year 2012
by sud0man
at GSDays
type slides
hash 00ee964e0174562cba00a8a41951533587c94de7139e8db93d6bbb37b23e604d

-=[ How to re-engineer OSX to behave the way you want ]=-

year 2012
by Stephen Sykes
at CodeBits
type slides
hash 7fc1fb5cb5918d303dd270bdf60cf288d685cf10ea747e5bb444b7cf3446fa94

-=[ Mac Memory Analysis with Volatility ]=-

year 2012
by Andrew Case
at DFIR Summit
type slides
hash 32548e463fa97daad9ad4e3b85cc56f78b81325abded131482178c30867a2075

-=[ OS/X Flashback ]=-

year 2012
by ESET
at N/A
type paper
hash 43503a19825cb10ba3865c645754969ea459dcd4663c51c53df9e41d5d3a4671

-=[ When Macs Get Hacked ]=-

year 2012
by Sarah Edwards
at DFIR Summit
type slides
hash d609b76504e7a34d093e5217940c1f8a82d4c570cca678435653ba46a93e4ac3

-=[ Analysis & Correlation of Mac Logs ]=-

year 2012
by Sarah Edwards
at DFIR Summit
type slides
hash df70e821a541dd519ab94539ae61f15f11ce35968707e63d47158e4e710197a5

-=[ Infiltrate the Vault – Security Analysis and Decryption of Lion Full Disk Encryption ]=-

year 2012
by Omar Choudary & Felix Grobert & Joachim Metz
at N/A
type paper
hash b590f488f1de36e120254ac1af9d0914ad2848e9fb50af4d7a681d8e093f37c3

-=[ FORENSIC MEMORY ANALYSIS FOR APPLE OS X ]=-

year 2012
by Andrew F. Hay
at N/A
type thesis
hash 5ca26a51bd2bfe07ca063bab3289175fda056f4fa4543fc32a13781a73c60e52

-=[ EFI Rootkits ]=-

year 2012
by Andreas Galauner
at SIGINT
type slides
hash c372005b2b0f65b2aea85dae1ca674a5096df2188037efac6500791525d65dc8

-=[ DE MYSTERIIS DOM JOBSIVS Mac EFI Rootkits ]=-

year 2012
by Snare
at BlackHat
type paper
hash 02f78fb79b713c325d16152607ad54bc280b66dd3078a592974b6daadbf9cd96

-=[ DE MYSTERIIS DOM JOBSIVS Mac EFI Rootkits ]=-

year 2012
by Snare
at BlackHat
type slides
hash 2fe2ab333b7a36b0e10fed675d686ebd5544bee7cc7a9c22bf7c06d67015eb82

-=[ FLASHBACK OS X MALWARE ]=-

year 2012
by Broderick Ian Aquilino
at VB
type paper
hash 05ff29920c23830771079098fee66d1ed57cf514be6362c61ea1131cda04b192

-=[ FLASHBACK OS X MALWARE ]=-

year 2012
by Broderick Ian Aquilino
at VB
type slides
hash 2a9848771d28e12579df1b61b66c618d7b78d0e5d98b65a4b0af095976c8c8fb

-=[ Backdoor.Flashback (Russian) ]=-

year 2012
by Dr Web
at N/A
type slides
hash fe06e7340872cb8e008efdc4980bc03387fdea1b83d5b2149661182c91a3379f

-=[ Mac OS X Malware Overview (Russian) ]=-

year 2012
by Ivan Sorokin
at ZeroNights
type slides
hash 000384f992c0e620458954487ba415ed0bff66ba6fca1a349363962601cd7768

-=[ XNU: A security evaluation ]=-

year 2012
by Daan Keuper
at N/A
type thesis
hash 945e293c760785912788dbffd75d78c61e9cecb998a8a3b908408da20d51b622

-=[ Past and Future in OS X Malware ]=-

year 2012
by fG! & noar
at HiTCON
type slides
hash fd09a9c0b1dbcfdd60c412f60e8a18c9501699f245573d81721412a7db8e0c6d

-=[ Playing with OS X - How to start your Apple reverse engineering adventure ]=-

year 2012
by fG!
at Secuinside
type slides
hash 988adf5a8ae5f35623147bbf873acd364183839dfffbf88a5a771c283ee40358

-=[ OS X Malware ]=-

year 2012
by fG! & noar
at Confraria Lisbon
type slides
hash 29809106020e285680b306ad52688c3d4929b990d57371674ebf2e1b07f3d85b

-=[ Malware: No One Is Safe ]=-

year 2012
by Rik Farrow
at N/A
type slides
hash db59d1493b8d2e3d0c6007f8f91db87fef24911211fd10774c466d7737ba4fbb

-=[ Analysis & Correlation of Mac Logs ]=-

year 2012
by Sarah Edwards
at DFIR Summit
type slides
hash c60174d0077155fe674b377a2039dde9f3c378da2cf64fbf39151a6fe4764101

-=[ Mac Memory Analysis with Volatility ]=-

year 2012
by Andrew Case
at SANS DFIR Summit
type slides
hash 81d5bce8ab4ea0f719f7e4086f2a68f800927eecd445a838be4de8d12cec3684

-=[ When Macs get hacked ]=-

year 2012
by Sarah Edwards
at SANS DFIR Summit
type slides
hash 23ab3e1d29737ddd37f088a686bf29ea4ad461d831d230c83914fa5459f9b45e

-=[ Destructive DTrace ]=-

year 2013
by Nemo
at Infiltrate
type slides
hash d7e5dcc4517e699dbee6206e59832175a2a6a2f5c5457f9174915194430ec8c4

-=[ Revisiting Mac OS X Kernel Rootkits ]=-

year 2013
by fG!
at SyScan Singapore
type slides
hash 302272d3fb92b937a8bb56687b68a95dd092906fb95efee508fb0b913db3885e

-=[ Mountain Lion and iOS Vulnerabilities Garage Sale ]=-

year 2013
by Stefan Esser
at SyScan Singapore
type slides
hash cd29d3dffe947205ae3bebe4d9ea2804b07f7496ff974e72ec8d0f66f4409055

-=[ Mountain Lion and iOS Vulnerabilities Garage Sale ]=-

year 2013
by Stefan Esser
at SyScan Singapore
type paper
hash 1705d591ef8ac19f6f7bab601d92c628c312941505a868816be4a2caddf2025e

-=[ OS X Hardening – Mountain Lion 10.8 ]=-

year 2013
by ERNW
at N/A
type paper
hash 9af4670eaca77e552d97733c56d18607d1e7102b1cc2bb76956d44a56af0e7eb

-=[ Ninjas and Harry Potter – “Spell”unking in Apple SMC land ]=-

year 2013
by Alex Ionescu
at NoSuchCon
type slides
hash 297ccbf7023b5db8ecc23e9a781cf53c9056fbad67ab565a538045306c76cec1

-=[ OS X Kernel Rootkits ]=-

year 2013
by fG!
at HiTCON
type slides
hash fe797f1663fc8671788f50e5a980ae0940d1d60055128397b57e1bdd8ab51f44

-=[ OS X Rootkits 2 ]=-

year 2013
by fG!
at SyScan360 Beijing
type slides
hash 6d54a2ada61aba55284978afbfdcd9056ffbdc089a7bd5ee0987568f055f6851

-=[ Revisiting Mac OS X Rootkits ]=-

year 2013
by fG!
at NoSuchCon
type slides
hash 41be65b08b86fcf6d44c122336d943d1ac94a9d369888a96d3d00c8f156201aa

-=[ OS X Rootkits 2 ]=-

year 2013
by fG!
at Bsides Lisbon
type slides
hash d220499724469a1c15bfd3476f203294e498224fa82490e3cb4bfb5ddee1af00

-=[ SWGDE Mac OS X Tech Notes ]=-

year 2013
by Scientific Working Group on Digital Evidence
at N/A
type paper
hash 2e3e0c12b4c8c31f9ab4ef97d86d44bba18d5511d416a2822c93c41fff742921

-=[ iSee You: Disabling the MacBook Webcam Indicator Led ]=-

year 2013
by Matthew Brocker & Stephen Checkoway
at N/A
type paper
hash 3a2700bebec1a566697c8b350a11459c3eeb201e34ee404271e75298f3838d88

-=[ Hunting for OS X rootkits in memory ]=-

year 2013
by Cem Gurkok
at HITB
type slides
hash 9bc82dd2c7bfcb298ba40733a2297fc4865aaa3fd4c177f3dd4cc1f2f3a65c3b

-=[ Mining Mach Services within OS X Sandbox ]=-

year 2013
by Meder Kydyraliev
at Ruxcon
type slides
hash d74081cf3366e53bed1fde880eddbcd58672866fbf3a5e44f4d9391fefd44d50

-=[ When Macs get hacked ]=-

year 2013
by Sarah Edwards
at N/A
type slides
hash 39168ba9178f0f2de773bdcac6f5e64a6bb2b99379432f9401d4c9441c287fac

-=[ Funderbolt - Adventures in Thunderbolt DMA Attacks ]=-

year 2013
by Russ Sevinsky
at BlackHat
type slides
hash bc241d8a47ccf57fd763ca3ee2a6e7775d03aa519c291add223d0dc0d922d1aa

-=[ Mach-O Malware Analysis: Combatting Mac OSX/iOS Malware with Data Visualization ]=-

year 2013
by Remy Baumgarten
at Def Con
type paper
hash 5c63eca696272bf25703918a5c3b5559a393c7d5622a394dd8207bdaeca1d676

-=[ MAC OS X: GETTING STARTED WITH USB - AN1105 ]=-

year 2013
by Cypress Perform
at n/a
type paper
hash 3128262acaef460250aa5de8624eb6d9b10923be6f8844e058f71f607d1dcd98

-=[ Reverse Engineering Mac Malware ]=-

year 2014
by Sarah Edwards
at BSides NoLa
type slides
hash 47c62a927844cab3559459642b90f3195a07b17fea3989effcd4af396a8a3f02

-=[ Methods of Malware Persistence on OS X Mavericks ]=-

year 2014
by Patrick Wardle
at Shakacon
type slides
hash 9135ead4f70d97f8fa4345b2107b32e0decc4ddfdd8dce32fbf24c524eda3202

-=[ Methods of Malware Persistence on OS X Mavericks ]=-

year 2014
by Patrick Wardle
at VB
type slides
hash 8e2f80af933041a7348f0fa1a37c03e75b0a09d5b9f5d453e63e031dbdd91ceb

-=[ OS X Yosemite Artifacts – Call history and SMS analysis ]=-

year 2014
by nofate
at N/A
type slides
hash fe907f6aa54ba6adcc57b5e5c269ec4606fd8f88eed8d2b1d1cdf3fd0b648ad7

-=[ BadXNU – A rotten apple! ]=-

year 2014
by fG!
at CODE BLUE
type slides
hash a0d60866c936e4191f5c5a0a220b41377a6b2723498d5d724a0ba3d54824efe9

-=[ In lieu of swap: Analyzing compressed RAM in Mac OS X and Linux ]=-

year 2014
by Andrew Case, Golden G. Richard III
at DFRWS
type paper
hash 1ddd0eee0008fb9756e99dd2a397a4b85daab9c0e6c31fc8bc3ada8fb8ea862a

-=[ Improving Mac OS X Security Through Gray Box Fuzzing Technique ]=-

year 2014
by Various Authors
at EuroSec’14
type paper
hash 667e1f63368af9a7dfd591ee32a4aaae9894bd40a25f29beccbf878dd2e3fe1f

-=[ Rex vs The Romans ]=-

year 2014
by fG!
at SyScan Singapore
type slides
hash 9568a24929797e1cdd02cae2123ad3ec7f39969e5f0130ae3861f793d6d20baf

-=[ Fuck You Hacking Team! - From Portugal, with Love. ]=-

year 2014
by fG!
at Shakacon
type slides
hash 43ab29c8a46f1e553aab8b2d2205fb45b8656fa95f25bb111d1b3e0cf7cdbc19

-=[ Fuck You Hacking Team! - From Portugal, with Love. ]=-

year 2014
by fG!
at SyScan360 Beijing
type slides
hash 74d2cab89c3aff7ecaf85f006c6f86e8c6c89e56359168634d07083728e9fb18

-=[ You can't see me - A Mac OS X Rootkit uses tricks you haven't known yet ]=-

year 2014
by Ming-chieh Pan & Sung-ting Tsai
at BlackHat Asia
type slides
hash 03195c3129c7951720b948df76ec29c0d30a3986670fe7dcf7b8aea4ebb91381

-=[ You can't see me - A Mac OS X Rootkit uses tricks you haven't known yet ]=-

year 2014
by Ming-chieh Pan & Sung-ting Tsai
at BlackHat Asia
type paper
hash 42a61e23d4a048a4b4c222b92968d630925adb0e7cad67e07edb2438d8281323

-=[ Mac OS X Forensics - En Profundidad ]=-

year 2014
by Joaquin Moreno
at RootedCon
type slides
hash 742fcf855b26804ebced206764cbd7847dc6448ed3500029d4154c0ea11e9e5f

-=[ Hunting Mac Malware with Memory Forensics ]=-

year 2014
by Andrew Case
at RSA
type slides
hash 090805e025852cc6830c5e5ce5a0370f4959b21fa7eb138a38f7066d9cac2391

-=[ OSX Malware Plists, Shell Scripts and Object-C Oh-My! ]=-

year 2014
by Amanda Stewart
at MIRcon
type slides
hash ce0e59e99b21d6837f5b61bc07a6dbc734fca28a6acc99d2a4967d055f0c412f

-=[ Playing Hide and Seek with Rootkits in OS X Memory ]=-

year 2014
by Cem Gurkok
at FIRST
type slides
hash 9db4e6f5ec0a362422219d9a3ab686bffd45c107d67a51f3958413d49d8e26dd

-=[ Reverse Engineering Mac Malware ]=-

year 2014
by Sarah Edwards
at SANS DFIR Summit
type slides
hash a045304d1614d9e9c16aa2e136b3f1e9a7293c66b7ac5ea73d0c96b5ee0d9b6d

-=[ Fuzzing OS X at Scale ]=-

year 2015
by Ben Nagy
at Infiltrate
type slides
hash 1cbb59ba56dedde2f7e0ed37593dbda6c3baccc654f5bf78957d749a5263b13a

-=[ Mac OS X Forensics ]=-

year 2015
by Joaquin Moreno Garijo
at N/A
type paper
hash f529b7e3fe791efbf214a68189ae8d9a4f90871b89cc1f28a4170af29d15a308

-=[ Unauthorized Cross-App Resource Access on MAC OS X and iOS ]=-

year 2015
by Luyi Xing, Xiaolong Bai, Tongxin Li, XiaoFeng Wang, Kai Chen, Xiaojing Liao
at N/A
type paper
hash ece3215f1041638c7e80717f3528c48fffb5d9d0f9b925cd46938a293c3d9f4f

-=[ WRITING BAD @$$ MALWARE FOR OS X ]=-

year 2015
by Patrick Wardle
at Infiltrate
type slides
hash aef5e30aade6477bb3351a6fb7f06242f3440eeec9c487b00753ce73b718bb60

-=[ WRITING BAD @$$ MALWARE FOR OS X ]=-

year 2015
by Patrick Wardle
at BlackHat
type slides
hash 6c4eca77d3fbb6379919947136c28a5a0c6aa60ec6ea35be9c7f9f61be3dcc9d

-=[ DYLIB HIJACKING ON OS X ]=-

year 2015
by Patrick Wardle
at VB
type paper
hash 744c31a3dff52f2dd39eedac05356ba50532a119ade81ac0b670bffc448f7e3a

-=[ Exposing Gatekeeper ]=-

year 2015
by Patrick Wardle
at VB
type slides
hash 1548d093d53cb83b68042952abd23238bd1c728071c159becef224d1a4ba1df3

-=[ Thunderstrike 2: Sith Strike (draft version) ]=-

year 2015
by Trammell Hudson, Corey Kallenberg & Xeno Kovah
at BlackHat
type slides
hash e13704d453748f03908fb2744af936760b182c9528564d7da0424fe6ce998018

-=[ Thunderstrike 2: Sith Strike ]=-

year 2015
by Trammell Hudson, Corey Kallenberg & Xeno Kovah
at BlackHat
type slides
hash f6564f3811fd1fef7f7a0928710defe26bfab14501791fd7b899b7997de62ccb

-=[ Thunderstrike 2: Sith Strike – A MacBook firmware worm ]=-

year 2015
by Trammell Hudson, Corey Kallenberg & Xeno Kovah
at HITB GSEC
type slides
hash 820a8a182b14f478d0c63667303cad70ccbe66438bdcf2e2f3d5de5fc1fe5354

-=[ Is there an EFI monster inside your apple? ]=-

year 2015
by fG!
at 44CON
type slides
hash fafab87747d3804576bd730a5064f8f2a886286cc1fe55e2ab45b5d6a50cf734

-=[ Is there an EFI monster inside your apple? ]=-

year 2015
by fG!
at SyScan360 Beijing
type slides
hash b001cbed3b698401bb727a7519daaafb308b03630a1196f9fd4a8abb6b7a345f

-=[ Is there an EFI monster inside your apple? ]=-

year 2015
by fG!
at CODE BLUE
type slides
hash e7da969838c9febe2fa824234b945c6fd8adc244f41703273e0efdb6a25e492d

-=[ OS X Kernel is As Strong as its Weakest Part ]=-

year 2015
by Liang Chen and ShuaiTian Zhao
at POC
type slides
hash e85e6888cdd01d746688fb018bd791d92e2527043c7dcb46c8801e2bdcbe4a3a

-=[ BadXNU – A rotten apple! ]=-

year 2015
by fG!
at SyScan
type slides
hash 785bd71c56a1eee59dc2a5d841795ef82612ba04a5f7d1b31a3b2fa4cb78f950

-=[ Is there an EFI monster inside your apple? ]=-

year 2015
by fG!
at No cON Name
type slides
hash 7747ce3806b4395d256277d123aaa3cb2b7a2fa9b2ecfb49a4c2d8011b52df02

-=[ BadXNU – A rotten apple! ]=-

year 2015
by fG!
at No cON Name
type slides
hash ab5b6862c43078a9cb86e1b5f8786f9df3653ebabf3a1930e1a4172805f7ea41

-=[ IPv6 Hardening Guide for OS X ]=-

year 2015
by ERNW
at N/A
type paper
hash bfd0cf9a0f78080cb7e316ed47fa632e59178bf5f2d56411a1a092332a741eac

-=[ DTrace + OS X = Fun ]=-

year 2015
by Andrzej Dyjak
at Confidence
type slides
hash 21d026accb27745f3ba29b2746fcd7964dc5c7e2c816f8967ff87db9d7236b7b

-=[ Advancing Mac OS X rootkit detection ]=-

year 2015
by Andrew Case, Golden G. Richard III
at DFRWS
type paper
hash 8087e827c229ed50a7d8d5e52fdcfba34044ee43e410f3b7ac2081f833aa4516

-=[ Code Signing – Hashed Out ]=-

year 2015
by Jonathan Levin
at RSA
type slides
hash 9a7e284d760073db1c003f63153ebd666cb4fa195b2b1edb6e8fb0fd6b4b8541

-=[ Escalating privileges on OS X and iOS – IOKit edition ]=-

year 2015
by Ian Beer
at SyScan
type slides
hash 1f349be7520229f22f7ba742c4ee7d1364f22069ae75e896d05ee3d893dae93a

-=[ Auditing and Exploiting Apple IPC ]=-

year 2015
by Ian Beer
at JailBreak Security Summit
type slides
hash 026083424cae87b937761e6376301b913031f7e61b8cef71baf608d98f66bd41

-=[ BadXNU, a rotten apple! ]=-

year 2015
by fG!
at BSides Lisbon
type slides
hash fcf223d11009fdcc0bdc9aae3bdef47095cfe3ffecc434ce5766fd0112d67d3a

-=[ Is there an EFI Monster inside your apple? ]=-

year 2015
by fG!
at Secuinside
type slides
hash 544396ec92b28b71afabf62acc7f980517493ab0e99ca7d3c8932be047027b4e

-=[ Attacking the XNU Kernel in El Capitan ]=-

year 2015
by Luca Todesco
at BlackHat EU
type slides
hash 584e966fad83cbef379da62775116910fbe0c94ae93c4a5dc4daaa6a16dd2d82

-=[ DLL Hijacking on OS X ]=-

year 2015
by Patrick Wardle
at n/a
type slides
hash 06eee5e33fcfd3f11f96811c7ffb65b6b9418c2cd20434b223613f6f0ae3c3e7

-=[ Malware Persistence on OS X Yosemite ]=-

year 2015
by Patrick Wardle
at RSA
type slides
hash 02e6aaad85f61b804cd7c682f6ebfdd5d37c185e6e766d8f729f23ebe1d37822

-=[ Cyphort MMW - Mac Malware ]=-

year 2015
by Nick Bilogorskiy
at N/A
type slides
hash 52a6963e34913e6e5f1bf00410dfb6314086f2869f548f29f7d3ed1a0c0a4ee0

-=[ Userland Persistence on Mac OS X ]=-

year 2015
by Josh Pitts
at n/a
type slides
hash 6139e48bd756294dc16c9019420441497dcdaa622d1d5645d059c11fee1f3c3b

-=[ Memory Corruption is for Wussies! ]=-

year 2016
by fG!
at SyScan360 Singapore
type slides
hash fd674de59896121d15100c5cb74aa09c827caaa3f439f29d011f44f7ef3cd785

-=[ Don’t Trust Your Eye: Apple Graphics is Compromised! ]=-

year 2016
by Liang Chen, Marco Grassi, Qidan He
at CanSecWest
type slides
hash 074909f59a442817057efe82bd088d2e70eb3a7b9931695af8634610977a6302

-=[ OS X El Capitan sinking the Ship ]=-

year 2016
by Stefan Esser
at SyScan360 Singapore
type slides
hash 35d97c449073cfeac6fd2789b752eb5716f1b5d39143c655c4125d546c08f6fb

-=[ 50 Shades of Fuzzing ]=-

year 2016
by Peter Hlavaty & Marco Grassi
at Shakacon
type slides
hash c0794b96400d2ed883dabf635005529df1a245a493b9f06a46b05848c1c0e4c3

-=[ Let’s Play Doctor – Practical OS X Malware Detection & Analysis ]=-

year 2016
by Patrick Wardle
at Shakacon
type slides
hash 97c21e3507f630e1eb708026c69e7be6e1d470a24fcb429df5a68ec33ffa3d9e

-=[ Let’s Play Doctor – Practical OS X Malware Detection & Analysis ]=-

year 2016
by Patrick Wardle
at RSA
type slides
hash 7cca5927b3ab2ff51f32b41b8b5d7c15d2b901fe797280d4f9a6150996172393

-=[ In the Zone: OS X Heap Exploitation ]=-

year 2016
by Tyler Bohan
at SummerCon
type slides
hash 2819e516b8b575ccec5edcc4ccc06a696e4a1fcefd2b683ad0fbf85cde48104b

-=[ Detecting malicious behaviour using system calls ]=-

year 2016
by Vincent Van Mieghem
at N/A
type thesis
hash bc30802c78e91542d84f13973948e3ca233577631ff3c3e47f3b2d04be5ae6ab

-=[ SUBVERTING APPLE GRAPHICS: PRACTICAL APPROACHES TO REMOTELY GAINING ROOT ]=-

year 2016
by Liang Chen, Qidan He, Marco Grassi, Yubin Fu
at BlackHat
type slides
hash 9237a065b9b75ebb10390cdb47f368f7cedbf1cbba22acf457c5c1bde3dadc85

-=[ SUBVERTING APPLE GRAPHICS: PRACTICAL APPROACHES TO REMOTELY GAINING ROOT (BH site version) ]=-

year 2016
by Liang Chen, Qidan He, Marco Grassi, Yubin Fu
at BlackHat
type slides
hash 816768020ac080dd1de5fe5ae9ca8fe46985e9ff911a4fbffc3f05f915ebffc4

-=[ SUBVERTING APPLE GRAPHICS: PRACTICAL APPROACHES TO REMOTELY GAINING ROOT ]=-

year 2016
by Liang Chen, Qidan He, Marco Grassi, Yubin Fu
at BlackHat
type paper
hash b90c397f889f95ee66e2907ddd178e253090aafc4619e1942b10ecefd2c18f2f

-=[ The Python Bites Your Apple - Fuzzing and Exploiting OS X Kernel Bugs ]=-

year 2016
by Flanker
at XKungfoo
type slides
hash 2a80304a594498afdbe86cf83468f7d5a0be1b72720c71fc4659cdfd8e15c071

-=[ OS X Vulnerability Research and Why We Wrote our Own Debugger ]=-

year 2016
by Tyler Bohan, Brandon Edwards
at Shmoocon
type slides
hash fbd7cb9921991fdacddbab3ec9e68585c84dcbc3d2a5cea0c60a659c185d921c

-=[ Shooting the OS X El Capitan Kernel Like a Sniper ]=-

year 2016
by Liang Chen, Qidan He
at REcon
type slides
hash ee37a51aee19514adbd7c60dc7e836f5c834be3c0c605c07de094029bd00b27a

-=[ I got 99 problems, but Little Snitch ain't one! ]=-

year 2016
by Patrick Wardle
at Def Con
type slides
hash 3772c853f8dad2a867b9d52eaf29b9011ae0cdf3ed03a2cf820612c7005de8eb

-=[ Escaping the sandbox by not breaking it ]=-

year 2016
by Marco Grassi, Qidan He
at Def Con
type slides
hash cbef9aac1349afd0b16d77c425f582642d6088f9fe183001f856ca39cd120f27

-=[ Mach-O Libre - Pile driving Apple Malware with Static Analysis, Big Data, & Automation ]=-

year 2016
by Aaron Stephens, Will Peteroy
at FIRST
type slides
hash 5a1d7978f9e8a658df61a13cb4afc78c5b87c2653a1482cfd1b736ac6777a37e

-=[ Swift Reversing ]=-

year 2016
by Ryan Stortz
at Infiltrate
type slides
hash 903836f2b7a2218bf8533d719542a4bb2019370508692b28883cb60e7b8aa05a

-=[ Reverse Engineering Swift Apps ]=-

year 2016
by Michael Gianarakis
at HITB GSEC
type slides
hash 062bfbde287b2e32e9f9fec08e85329f6368ab4f521255526533e26f6bd251c1

-=[ Hack in the (sand)Box - The Apple Sandbox - five years later ]=-

year 2016
by Jonathan Levin
at HITB GSEC
type slides
hash 2c23141f590208898e42c40ac002f04a28d5cdd6a90977bacfa924dc8a4eb06f

-=[ Meet & Greet with the Mac Malware Class of 2016 ]=-

year 2016
by Patrick Wardle
at HITB
type slides
hash 3cbdb2e712a5cb1d3607bed2fc86ec92ff0f50d51ac37ed503462b95986f32b0

-=[ Who’s Breaking into Your Garden iOS and OS X Malware You May or May Not Know ]=-

year 2016
by Claud Xiao
at Bsides San Francisco
type slides
hash 49aaaf8d0b58aaefc1363fa1e7b47c7e90bc5ca6e062e3110529a461e69072ce

-=[ Analysis & Correlation of Mac Logs ]=-

year 2016
by Sarah Edwards
at n/a
type slides
hash bd6f4cc7e661a4077a1f684c283f793a7d14957608384bec7c084288c69acf30

-=[ Strolling into Ring-0 via i/o kit drivers ]=-

year 2016
by Patrick Wardle
at Ekoparty
type slides
hash e16b0770cd853598ca22c7a0a8e14bb6ee086a61f66702dd2474f89e5f7db66d

-=[ Gatekeeper exposed ]=-

year 2016
by Patrick Wardle
at n/a
type slides
hash db588115891b867b15a6aac4fd8ffe1f9f2763fb7fe13fcc82969b8ed74c58fe

-=[ Mac OS X : System Integrity Protection ]=-

year 2016
by Nicolas RUFF
at SSTIC
type slides
hash 7c5516047ccdce15712bfa617db00f400654a2241e69bcda526624c4bfa67c41

-=[ Fuzzing and Exploiting OSX Vulnerabilities for Fun and Profit ]=-

year 2016
by Moony Li & Jack Tang
at PacSec
type slides
hash 6165ed0be3234e6e68d7ea3019599ff5b51c51f5eead569d450662974fee3f2f

-=[ Hacking Exposed: Mac Attack ]=-

year 2016
by George Kurtz, Dmitri Alperovitch
at RSA
type slides
hash 285ba780ffa1b027f737485dcfb8c1103414afeddacc11b0264841a9383ff1ac

-=[ Dissecting the APT28 Mac OS X Payload ]=-

year 2017
by Bitdefender
at n/a
type paper
hash f9270f6b08b86254e56143844daa86c738ca771345bf6365530ae49449005497

-=[ CRAFTING MACOS ROOT KITS - Come for the Tradecraft, Stay for the Code ]=-

year 2017
by Jonathan Zdziarski
at n/a
type slides
hash e52b1a653f283bf2ef4719cfdbadcecbd28f4ecf3148f7b6d5ee40df3947bf74

-=[ Mac OS X and iOS Forensics - Looking Into The Past with fsevents ]=-

year 2017
by Nicole Ibrahim
at SANS DFIR SUMMIT
type slides
hash bcff68ede12180f3eb45482a40ee50b0fbe9389d37cf8cb606160568ddf13775

-=[ Oversight - exposing spies on macOS ]=-

year 2017
by Patrick Wardle
at HITB
type slides
hash 4785e2868d4a4870e4c22a200f0817e91c8ec4dc5562fb6f79ea4aebe0cb0732

-=[ The Apple of Your EFI - Findings From an Empirical Study of EFI Security ]=-

year 2017
by Rich Smith, Pepijn Bruienne
at n/a
type paper
hash a0ad692c088ad03e53f32200f21d0b202ec93d593bb3116a5af22b14df92c7f7

-=[ LOGS UNITE! FORENSIC ANALYSIS OF APPLE UNIFIED LOGS ]=-

year 2017
by Sarah Edwards
at n/a
type slides
hash 374c1f1801cf8db131621d075c74d44c92641f0413e95b052ef65fd3aefb6724

-=[ Playing with Mach-O and DYLD ]=-

year 2017
by Stanislas Lejay
at n/a
type slides
hash fde5b0cfc6bcce4c4336dbf340dacd453d1cae418c8ad1fdcadd68f67ffb8569

-=[ macOS Logs - ASL to Unified Logging ]=-

year 2017
by Nic Scott
at n/a
type slides
hash febe66e58cdb65dfc0eba2129deb2472ee722f1a77e5fa8c236ffd4e43cf8698

-=[ Biting the Apple that feeds you ]=-

year 2017
by Alex Plaskett, James Loureiro
at 44Con
type slides
hash 7e3172cd55a5ba3c0ec406a4adbaa7b73421a60b2552ccd887ed7bc3d409034c

-=[ Exploitations of Uninitialized Uses on macOS Sierra ]=-

year 2017
by Zhenquan Xu, Gongshen Liu & Tielei Wang, Hao Xu
at Woot
type slides
hash 2b3dde30bc15fd18e1258f9b30e7ffec5fedbd54810167726325bdcf9397d5f9

-=[ Dissecting OSX/FruitFly via a custom c&c server ]=-

year 2017
by Patrick Wardle
at BlackHat
type slides
hash 7a80f2fd524870ac147972525be8ce72b76c350081d8f7343c8014d69a3f4bbd

-=[ Dissecting OSX/FruitFly.B via a custom c&c server ]=-

year 2017
by Patrick Wardle
at VirusBulletin
type paper
hash 4a5dd4ba3255cded24506ac8fc46e482da970d6a2d369b2a68eff0f9335a754b

-=[ Signed, Sealed and Delivered ]=-

year 2017
by Jonathan Levin
at MacSysAdmin
type slides
hash 5d1ad3ce79c3d1d0afe04059e7b5a8670b4914d9646f1b20a49e7ef168c9ceda

-=[ Synthetic Reality - Breaking macOS one click at a time ]=-

year 2018
by Patrick Wardle
at Syscan 360
type slides
hash 8399646f552d20e2118265380fccd25b6d08d938f6440d42aab7f5d954e2a69e

-=[ Code signing flaws in macOS ]=-

year 2018
by Thomas Reed
at unknown
type slides
hash 4b4f6899a3c3629312bdf11627aa269ab30f77c8d929541be12c2cd178cf02c9

-=[ Mac-A-Mal: An Automated Framework for Mac Malware Hunting ]=-

year 2018
by Pham Duy Phuc and Fabio Massacci
at BlackHat Asia
type slides
hash 24e59bdf71ceadf13b8b219e7e1b705a55a14a38767cf0d7ef9a286549c51760

-=[ Mac-A-Mal: An Automated Framework for Mac Malware Hunting ]=-

year 2018
by Pham Duy Phuc and Fabio Massacci
at BlackHat Asia
type paper
hash b30e24735de4e1ec3abf9b29cf166b3a60040183ac7d4e890d0bad7215cf617f

-=[ Apple Safari - Wasm Section Exploit ]=-

year 2018
by Alex Plaskett, Fabian Beterke, Georgi Geshev
at n/a
type paper
hash ed96fd89dfe69450df3a906428b19f059e47545d84dd6392c183e19c461632e5

-=[ Fire & Ice making and breaking mac firewalls ]=-

year 2018
by Patrick Wardle
at Def Con 26
type slides
hash a010088ec8e02d45d18c98bb1904b66165b094f807ebc2943370a18d42f97342

-=[ The Mouse is mightier than the sword ]=-

year 2018
by Patrick Wardle
at Def Con 26
type slides
hash 8e4262d62d25d69ae6d480489fa7bca6ebc4ae6e09c9f71be519d27a5a9fffaa

-=[ Attacking the Graphics macOS Kernel Driver ]=-

year 2018
by wang yu
at Def Con 26
type slides
hash 138a4cc880d78de623e4c1def0616cbee9f7887ee70aeeccf7b5b04fecb5c7fb

-=[ Modern macOS Security ]=-

year 2018
by Mikey
at Bsides MCR
type slides
hash 2fa773055ba7300e1b8a19a784ad6cb5da98730d7d4df9f0de1c562178552399

-=[ Heapple Pie - The macOS/iOS default heap ]=-

year 2018
by Eloi Benoist-Vanderbeken
at Sthack
type slides
hash e95b09ae634c6b1ccaf82fc7c2bbf9b6847f8bf2ababe4223539aa1f576ebd29

-=[ Crashing to root: How to bypass SIP on macOS ]=-

year 2018
by Brandon Azad
at Objective By The Sea 1.0
type slides
hash 5d448c98f43f86ac565cdb70935ea90425bbcaf3185201900716eaced4698f5c

-=[ MACDOORED - A FIRST LOOK INTO REAL-WORLD MACOS INTRUSIONS ]=-

year 2018
by Jaron Bradley
at Objective By The Sea 1.0
type slides
hash 8ac71834e467e8f1e04e3dc97355fb822b95d5281316f7c0c1f1e371919898dd

-=[ When Macs Come Under ATT&CK ]=-

year 2018
by Richie Cyrus
at Objective By The Sea 1.0
type slides
hash c974dc6db0e296992e81b9857f64fd9067612c1655308d5739025983ead61fc3

-=[ FROM APPLE SEEDS TO APPLE PIE ]=-

year 2018
by Sarah Edwards
at Objective By The Sea 1.0
type slides
hash a494f99e0b1483e190cf9345397c78bda7cc9c984deb5086cd9a4741f3c46a9c

-=[ APFS - No clever or witty subtitle. ]=-

year 2018
by Jonathan Levin
at Objective By The Sea 1.0
type slides
hash f6981e663b95818daecb49503906fc2521bd720e02bb73541c4dd963c25af8e1

-=[ Aliens Among Us ]=-

year 2018
by Mike Lynn
at Objective By The Sea 1.0
type slides
hash 40a55c3604ccfc8e53043a214ffccefef4031b631c268a0561e26891830c490b

-=[ What's Your Game Plan? Leveraging Apple's Game Engine to Detect macOS Threats ]=-

year 2018
by Digita Security
at Objective By The Sea 1.0
type slides
hash 02f3e9bc827b4bafa52434134ee439e431fdbc6d281b2b5c1f40c2383229141a

-=[ Code signing flaw in macOS ]=-

year 2018
by Thomas Reed
at Objective By The Sea 1.0
type slides
hash 5c95057c9d6a7460cb37b459cdc520c05f2ee9dd65b064327b9ac40a339f1a2a

-=[ Who moved my pixels?! ]=-

year 2018
by Mikhail Sosonkin
at Objective By The Sea 1.0
type slides
hash 1f8beeab20a1d0d5fb0777a23bd03fc71bd435b633e7aadaabd932fa2f52d975

-=[ Protecting the Garden of Eden ]=-

year 2018
by Patrick Wardle
at Objective By The Sea 1.0
type slides
hash e5e3e5255d6336dd0b3e55fb86c96dcb380d1575a84de03a86cbefd244da7459

-=[ IOService Becomes a Grandpa ]=-

year 2018
by Tielei Wang, Hao Xu
at POC
type slides
hash 07db205465ff6c15ff0b0697cf72aecc2e7d10312d860f5d677e3b320fb37745

-=[ Drill the Apple Core: Up & Down - Fuzzing Apple Core component in Kernel and User Mode for Fun and Profit ]=-

year 2018
by Juwei Lin, Lilang Wu, Moony Li
at BlackHat EU
type slides
hash 4eb5961830c641606a3e3e70adf99851a309fe2909421dcc029bc97325c99269

-=[ Bits of launchd ]=-

year 2018
by Samuel Grob
at n/a
type slides
hash c9b5c954c54a718d6bc994233ca1d29ef9074c5c17fa0b6b07ddee8852b62e14

-=[ mac_apt - macOS Artifact Parsing Tool ]=-

year 2018
by Yogesh Khatri
at SANS DFIR Summit
type slides
hash 8116effd55df9260d600337349e17ce6c904439d7baae059cc856482c13e6fd1

-=[ vm_map'ing out XNU Virtual Memory ]=-

year 2019
by Ian Beer
at Objective By The Sea 2.0
type slides
hash 562d356b9c6c81381a4c54877a53169672ecba36ba32d34b75dab67917a023a5

-=[ Bad Things in Small Packages ]=-

year 2019
by Jaron Bradley
at Objective By The Sea 2.0
type slides
hash cedf7a67891d7bf8e58db07d38212e9d450202fd89aa2abb13069efa141d1ad4

-=[ Detecting macOS compromise with Venator ]=-

year 2019
by Richie Cyrus
at Objective By The Sea 2.0
type slides
hash 53e5657a82ac74cae2c128dac2bd764e8243872e3e0885e038b05844ab9b71f3

-=[ Watching the Watchers ]=-

year 2019
by Sarah Edwards
at Objective By The Sea 2.0
type slides
hash b631d570009a8ce85df686c5b33395820a96b46750e7f684d92fd3bbc2f16de1

-=[ macOS - getting root with benign App Store apps ]=-

year 2019
by Csaba Fitzl
at Objective By The Sea 2.0
type slides
hash 343f9eae91b6302ea1e05b70cf28588aa54463ed10ca49bca14d0ff57dedb161

-=[ Key Steal ]=-

year 2019
by Linus Henze
at Objective By The Sea 2.0
type slides
hash 5b33342b9057c4558e5920e6911e9dfb953e19aaaf518c82ba11039c96c6c450

-=[ Root Canal ]=-

year 2019
by Samuel Keeley
at Objective By The Sea 2.0
type slides
hash f7c3d14c093245dad1981e6b71a2933401e5d9d32c121c7fd70f78fead77ea93

-=[ Malware Behavior on macOS ]=-

year 2019
by Thomas Reed
at Objective By The Sea 2.0
type slides
hash 322818b6facf3bfa840c7cdef5f88e339222ff85682dd7aa14ffb972e7b65263

-=[ Harnessing Weapons of Mac Destruction ]=-

year 2019
by Patrick Wardle
at Def Con
type slides
hash e5463fd1812df6f5177160bb06d01b647e85b2ac3efea5bef09bc08d8b5fa22c

-=[ Unpacking .pkgs - A look inside macOS Installer packages and common security flaws ]=-

year 2019
by Andy Grant
at Def Con
type slides
hash 29ca9d9257c6a364cdb6bf02de496911afe13c7386b484ef3b17cbfaa1b92752

-=[ How to gain root with CVE-2018-4193 in < 10s ]=-

year 2019
by Eloi Benoist-Vanderbeken
at OffensiveCon
type slides
hash c78ee2f84609dcf3a6463c9985679e3a9b82998dbec5c6cb8792eb27c3f9058f

-=[ Debug for bug: Crack and Hack Apple Core by itself ]=-

year 2019
by Lilang Wu, Moony Li
at BlackHat
type slides
hash 31904281837529ea05c845bd4192d5afc068bafab12d637356473d366b45e1b1

-=[ Bootbandit: A macOS Bootloader Attack ]=-

year 2019
by Armen Boursalian
at n/a
type thesis
hash 4efd8e57188c1a23f204cfe0a1e341f55c026302b33c846339e345c799e335fc

-=[ Bootbandit: A macOS Bootloader Attack ]=-

year 2019
by Armen Boursalian, Mark Stamp
at n/a
type paper
hash d174632fb2049c6da93caa7817960440fd47a73356609d6fbfb2935af4bec17d

-=[ Hypervisor-based Analysis of macOS Malware ]=-

year 2019
by Felix Seele
at Objective By The Sea
type slides
hash bd0d3f9e62d13a3509ae615f977314b508188fc575840eb194797b0fb952b7ed

-=[ Zero To RCE In Two Days - Exploiting Zoom on macOS ]=-

year 2019
by Michael Gianarakis & Sean Yeoh
at HITB
type slides
hash 41542bb0703aef694e07668818ac203cce495bc84d6011b1d0fef63b83de64c4

-=[ Shedding Light on the macOS Spotlight Desktop Search Service ]=-

year 2019
by Vico Marizale
at SANS DFIR Summit
type slides
hash 3b554694b6577068e7ffd15d7abd384e8d0c35940a9d0d42c315b888511f2ced

-=[ .DS_Stores: Like Shellbags but for Macs ]=-

year 2019
by Nicole Ibrahim
at SANS DFIR Summit
type slides
hash bbcdb848d619e33133b5399739c1746af87c0b6982b4a33cfc05661627f8047a

-=[ Safari Adventure: A Dive Into Apple Browser Internals ]=-

year 2019
by Zhiyang Zeng
at POC
type slides
hash 7cf92f94193515d3965f31d1d1e6657f8db8332393ce4139b2be2086d8c5a42a

-=[ Incident Response on macOS ]=-

year 2019
by Thomas Reed
at DerbyCon
type slides
hash 871b00d06e3e21c83e24bcfa8a794dfd05c4a6384296ce0bbbff9e78f9f2a08e

-=[ 0DAYZ OF OUR LIFE ]=-

year 2019
by Joshua Hill
at Objective By The Sea
type slides
hash ed1459464b584f71a928adad362e1d196b506c84219cf527cffe8e6f0a05f5a5

-=[ Fun with Mac Malware Attribution ]=-

year 2019
by Joshua Long
at Objective By The Sea
type slides
hash f5237f76218a6039ef49789ab0c9b6f518ad8d3c7373e1406ffb3692a423774c

-=[ How to reverse malware on macOS without getting infected ]=-

year 2019
by Phil Stokes
at n/a
type paper
hash d11936d0b6f9573831e260ce27e600e630ad8090ee2fe167376e035c72077a07

-=[ ModJack - Hijacking the macOS Kernel ]=-

year 2019
by Zhi Zhou
at HITB Amsterdam
type slides
hash 67a5a8bbf17509f97c83e3a7c835d2fbc7fc2e7d7b26e8f35ee724ed46149951

-=[ Adventures on hunting for Safari Sandbox Escapes ]=-

year 2020
by Ki Chan Ahn
at n/a
type slides
hash a19159e11f4486d47dc317ae9781b44ed720fe5efd38dce059a14e14f77bde9e

-=[ Repurposed Malware - A Dark Side of Recycling ]=-

year 2020
by Patrick Wardle
at RSA
type slides
hash edeaf8ae8c7749d2c852671911fc05ab83a28e797500a7497cec54a6b3eb520b

-=[ An Attacker's Perspective On Jamf Configurations ]=-

year 2020
by Luke Roberts, Calum Hall
at Objective by the Sea
type slides
hash 5ec2a3249b8224fe99176179187df5421936b220f0776a8217680f9d6d6cb7e3

-=[ Walking the Bifrost - An Operator's Guide to Heimdal & Kerberos on macOS ]=-

year 2020
by Cody Thomas
at Objective by the Sea
type slides
hash 290bd3ede025f6024f7159c38ac1e914f499e282ce09158a79b2d4532b57fc34

-=[ Binary Emulation for Threat Analysis with Binee ]=-

year 2020
by Erika Noerenberg
at Objective by the Sea
type slides
hash 585e132d6f36004eac3837b8de47bbbc6c47cc9036253398c604c8837d44a015

-=[ Grafting Apple Tree’s Building a useful process tree ]=-

year 2020
by Jaron Bradley
at Objective by the Sea
type slides
hash d28e6e81d1d10b0c230d7018f254d43b813c18f7240e8a4ca23cdba9751b68d4

-=[ Finding Waldo In The Apple Unified Log ]=-

year 2020
by Jai Musunuri, Erik Martin
at Objective by the Sea
type slides
hash e5001013505dbf331e810980d55a8599341e2c70b91c6bb376bb7bc1c470a62f

-=[ Job(s) Bless Us! Privileged Operations on macOS ]=-

year 2020
by Julia Vashchenko
at Objective by the Sea
type slides
hash 68ead8f1862541ec1910339e28f9ffbf25bc20f3fadf06628ef68dd71a0917db

-=[ Mimic in Configuration ]=-

year 2020
by Manabu Niseki, Suguru Ishimaru
at Objective by the Sea
type slides
hash 010d4760bf49ba30c2c0450d175d8772ae23df4328ebab2324a9748763f84a3c

-=[ Exploring macOS with APOLLO ]=-

year 2020
by Sarah Edwards
at Objective by the Sea
type slides
hash 3504926ed74d5cd341d946b823f552fa55efbb6031c2840f997a4f01dfc3389c

-=[ Endpoint Security and Insecurity ]=-

year 2020
by Scott Knight
at Objective by the Sea
type slides
hash d417d20065b6811980452eaabb4683880873ef0ccc805c87c32a1ee49a528789

-=[ The case of the fly on the wall ...and the legal issues of disclosing malware ]=-

year 2020
by Thomas Reed
at Objective by the Sea
type slides
hash 25e72850b5ec935b539dd7ee57159d8c1e82ba1ce1c14fc52571d17f2b92cb06

-=[ Quarantine nights Exploring File Quarantine handling in macOS Apps ]=-

year 2020
by Vladimir Metnew
at Objective by the Sea
type slides
hash 16bdbcb61390dfc0cfafa7042929c1a2904565a1e2b84aa9e5e5e0563bbddfda

-=[ Abusing & Securing XPC in macOS apps ]=-

year 2020
by Wojciech Reguła
at Objective by the Sea
type slides
hash f3a4541d4fd70811d7ec716f2a6ebe5ec092a88d2454540d810dae2e77749b73

-=[ Documents of Doom - infecting macOS via office macros ]=-

year 2020
by Patrick Wardle
at Objective by the Sea
type slides
hash e8706433c70420a80019350419050e861fc3c5a5a6e6f4fe52bf3f52562f1ab0