papers.put.as

A collection of papers and presentation slides related to macOS, iOS, and (U)EFI Firmware.

macOS

-=[ Inside Mac OS X - Kernel Environment ]=-

year 2000
by Apple
at n/a
type paper
hash c8a51d3db1deb7e70fee1af708d0b3dfcd7b2996a5ac1af449b23698ddbab50f

-=[ Dynamically Overriding Mac OS X ]=-

year 2003
by Jonathan Rentzsch
at N/A
type paper
hash c64fe59fc7dd7c30b8b4a379ac691c58d5b1c8f213d03e9d162bd8be3fe4c323

-=[ A Debugger with Gui in OS X ]=-

year 2003
by Ivan Krizsan
at N/A
type thesis
hash 183c67089ffc3282e66f6aca23b3a70459bd85d1488808eb38c1eea3e00db796

-=[ Practical Mac OS X Insecurity ]=-

year 2004
by Angelo Laub
at CCC
type slides
hash 039ce00494ca033973d5c934dc1f8fc4c7d3a8a111797aae993e8f3af44f6f37

-=[ MacOS Kernel Insecurity ]=-

year 2005
by Ilja van Sprundel & Christian Klein
at N/A
type slides
hash 3841f97e8f088f4b0373b78148c79dd65233e705867a1276bea32776ccdc6b96

-=[ Infecting the Mach-O Object Format ]=-

year 2005
by Nemo
at N/A
type slides
hash 4fcd6992827fa19b982ba4f92e386ec2d51c9cc40dada4b4c41c14d3e2dec1e8

-=[ Hacking Mac OS X Kernel for unsupported machines ]=-

year 2005
by Ryan Rempel
at N/A
type paper
hash 56a628a4f53c48b5c90a7f4eb031d52a529edb27a02f7ae8fb08ef88c14b184b

-=[ FireWire: All your memory are belong to us ]=-

year 2005
by Michael Becher & Maximillian Dornseif & Christian N. Klein
at CanSecWest
type slides
hash 8783068585b92ee08b2f94de00583cdda4948578421a75ea0ca76dd0e600be81

-=[ Everything You Always Wanted To Know About MIG But Were Afraid to Ask ]=-

year 2005
by Richard P. Draves
at N/A
type slides
hash bb3d118905008489652fcb81c8d34a4331c31ae3859c5a385e311287bc1e2b52

-=[ Breaking Mac OS X ]=-

year 2006
by Nemo & Ilja van Sprundel
at N/A
type slides
hash ce92eb21c9021b8101e8922b32086eba29dba6efa38b8f5b6f778c4c4d39a04e

-=[ Abusing Mach on Mac OS X ]=-

year 2006
by Nemo
at N/A
type paper
hash e161878968e46a4fc93d9ca523ba2ef407c02dbb947e95d616fe230731647556

-=[ Hit by a Bus: Physical Access Attacks with Firewire ]=-

year 2006
by Adam Boileau
at Ruxcon
type slides
hash 7aa79055ea588de8d12db8bf7b2c165f74f7ac75dbccb804c299adaa07bc0d7c

-=[ Hardware Virtualization Rootkits ]=-

year 2006
by Dino Dai Zovi
at BlackHat
type slides
hash a1cd1aaeb9815d6dcac87705ccf09f0f8f7701791bfb71b3dc76dc92d98c9419

-=[ Discovering Mac OS X Weaknesses ]=-

year 2006
by Jay Beale
at Def Con
type slides
hash 072f71c8b0fca8290fe96472ce4aeb0ce4a298f539d8cf8a3f7c4fe971755270

-=[ Hacking Leopard ]=-

year 2007
by Charlie Miller & Jake Honoroff
at N/A
type paper
hash 5999269c67c3b676368a07048518a3f0ee05bb9e88cc5360c7f06132932becbe

-=[ Inside the Mac OS X Kernel ]=-

year 2007
by Lucy
at CCC
type paper
hash 2afd67943cb3f49a48de17b7a4221f78cb21646a7e71a3030a374a6ad40573ae

-=[ Mac OS X FileSystems ]=-

year 2007
by Singh
at N/A
type slides
hash 44320fea2a8c24028cb50d00e1b475183370cc6fd4028a635766601ffa25688e

-=[ Hacking OS X ]=-

year 2008
by Charlie Miller
at BlackHat Japan
type slides
hash c2c514e3484014a467715ce91e983588134b64be3842c64615d66f871b55dd64

-=[ Dtrace The Reverse Engineer’s Unexpected Swiss Army Knife ]=-

year 2008
by Tiller Beauchamp & David Weston
at BlackHat
type paper
hash 968e7ac92d1f5d154cc3f91794a6fb1b8e8e6e0ea781452fa6204c52a857407a

-=[ iRK – Crafting OS X Kernel Rootkits ]=-

year 2008
by Jesse D’Aguanno
at BlackHat
type slides
hash 8f8a97f7c2e5530eaeffa08a256f9ca366229d85984f4c7a93f01f857ec80270

-=[ RETrace – Applied Reverse Engineering on OS X ]=-

year 2008
by Tiller Beauchamp & David Weston
at Def Con
type slides
hash 108654f1e4f5e60d608041242c4f6425c41986cb2ec125df724c282129ccfa29

-=[ Under the iHood ]=-

year 2008
by Cameron Hotchkies
at ReCon
type slides
hash 2548ea139d2cfb97af2210d2c5f49e8e1ba35bf16b9151d3e85eb96b45548f57

-=[ Covering the tracks on Mac OS X Leopard ]=-

year 2008
by Charles Scott
at N/A
type paper
hash b51f03196a1da4459633c94909e6bcb94fd944ff684712abd597fe4624681a53

-=[ OS X Rootkits – the next level ]=-

year 2008
by Alfredo Pesoli
at LaCon
type slides
hash f126b723af77a8b5664baf20608e498109953df5bbd35033b7dc6deeaac33835

-=[ How the Leopard hides his spots ]=-

year 2008
by The Grugq
at Hack in the Box KL
type slides
hash a37eef86f2524a5abbfeaa241f5d5b8d6e4292a0f9d2dad3f2c05b950e1ab445

-=[ Advanced Mac OS X Rootkits ]=-

year 2009
by Dino Dai Zovi
at N/A
type paper
hash 428bbe81b69e4874104fd171dfc35f2fe995582ba25fc929b22cf32d9baf0743

-=[ Advanced Mac OS X Rootkits ]=-

year 2009
by Dino Dai Zovi
at N/A
type slides
hash d468cac39b7abbc9e6809e09716d8dd45f74483b8f489a9c5d111795df12f08d

-=[ Runtime Kernel Patching on OS X ]=-

year 2009
by Bosse Eriksson
at Def Con
type slides
hash 43d75e9022f1a13308a8adbf267659afa18933077b1f7b3dd61a64240618868b

-=[ Mac OS Xploitation ]=-

year 2009
by Dino Dai Zovi
at HITB
type slides
hash d1e61cce17b508a4692c8ecf230828af877b14ab9b71a3921cdeb6a758d33155

-=[ Dynamic Tracing for Exploitation and Fuzzing ]=-

year 2009
by Tiller Beauchamp & David Weston
at Shakacon
type slides
hash 9527aa73738bf76241404970fbcdf0f6821513c47e455bc1a75980fcebe9359f

-=[ Mac OS X Malware Analysis ]=-

year 2009
by Joel Yonts
at N/A
type paper
hash 55f9227bc933ada620ab84c3f17ad141c5572c7a59bcf5f464cb0e948d9625eb

-=[ Objective-C Internals ]=-

year 2009
by André Pang
at N/A
type slides
hash 27963eff21e9f5d793a31e65eead085209c22f3cd08935fc1f6e083de7daf920

-=[ Hacking Macs for Fun and Profit ]=-

year 2009
by Dino Dai Zovi & Charlie Miller
at CanSecWest
type slides
hash b4509f8c216f0b0cad50c449795d49a12083659ca715895ef5afd8f88c1411b5

-=[ Mac OS Xploitation ]=-

year 2009
by Dino Dai Zovi
at Source
type slides
hash 79c174d6ed0267cea14997c4e0bf7b233cd18d1fbf7b2c4cc42df0d249e12edc

-=[ Debugging Cocoa with DTrace ]=-

year 2009
by Colin Wheeler
at N/A
type paper
hash 3b4d314aaaa4d9123b660c7fc956bee67b5c9ac37d36623903477dcf3af21165

-=[ Let your Mach-O fly ]=-

year 2009
by Vincenzo Iozzo
at BlackHat DC
type slides
hash

-=[ Dynamically Overriding Mac OS X – Down the Rabbit Hole ]=-

year 2009
by Jonathan Rentzsch
at N/A
type slides
hash e78e7040e028f6c956e5891a9f3c5163c0e89a07b3dc510e74441fa8ccc4467b

-=[ Encryption Wrapper on OSX ]=-

year 2009
by Unknown
at N/A
type slides
hash be87812e729e1b1b360b7ad0506719a92d950db37669f63f9823c01570000cab

-=[ Function hooking for OSX and Linux ]=-

year 2010
by Joe Damato
at N/A
type slides
hash 7d248225c661536d85cc45fef34c444e2e4e437b9dd8b97e809e00cda5b9535f

-=[ Mac Os X Hacking Snow Leopard edition ]=-

year 2010
by Charlie Miller
at N/A
type slides
hash 554f1810c140e4d1c5d539ce2b69615bcc6d62373715f79f6013b9bdb4167b29

-=[ Advanced Mac OS X Physical Memory Analysis ]=-

year 2010
by Matthieu Suiche
at BlackHat DC
type slides
hash c3490def9144f64ab06827859365ad101d42f85cb8b0ef0f64354a5d3117a089

-=[ Advanced Mac OS X Physical Memory Analysis ]=-

year 2010
by Matthieu Suiche
at BlackHat DC
type paper
hash 4123e6127ad80d0bd537f666be4134d7ced03583820670357fdad223b1752aec

-=[ Post exploitation techniques on OSX and Iphone ]=-

year 2010
by Vincenzo Iozzo
at EUSecWest
type slides
hash dcbb98040fd404b94c2e22fcdedb95d59b8ef1172bd1717c0d1b93883277e3d9

-=[ Programacion de rootkits en Mac OS X ]=-

year 2010
by Fernando López Hernández
at N/A
type paper
hash fb242b3fb850b11f26ecd1062c384c79d7426506c6795957ec430b15cefd285c

-=[ Hacking at Mach speed ]=-

year 2010
by Dino Dai Zovi
at N/A
type slides
hash b4190a7b684203045fd55351a8f5171fe6ad251147b08be139667b32f2ed735a

-=[ Mac OS X Return Oriented Exploitation ]=-

year 2010
by Dino Dai Zovi
at N/A
type slides
hash 19ca2cbcf7b4943a27a7f03b9ce620d7508991b28ac5b7807e506bfb5123c3db

-=[ Having Fun with Apples IOKit ]=-

year 2010
by Ilja van Sprundel
at N/A
type slides
hash f430a772300a7d924f8fde0a2e9232aa2f2642dd11d178cfb20a658f1253dd77

-=[ Mach-O Fun ]=-

year 2010
by Michael Feiri
at CocoaHeads
type slides
hash 0c8740f5cc4f30d6e53936c7b8baf60230bf8441004dc59aef9c67584c861855

-=[ Porting Darwin to the MV88F6281 - ARMing the SnowLeopard ]=-

year 2010
by Tristan Schaap
at n/a
type paper
hash 25b3ab7b8169ab3d22049ce1370f330f7869a9e80f0f785e222189fdfe2382b1

-=[ Defiling Mac OS X Kernel Rootkits ]=-

year 2011
by Snare
at Ruxcon
type slides
hash 456b270a40299c07b202d45fdcbd33abcae5a43f597b77e388495795b94a5e50

-=[ Hacking at Mach2 ]=-

year 2011
by Dino Dai Zovi
at N/A
type slides
hash 35280938db10e8a30d802d64908a3038ed7ec6598d847c3733c5011a7dd14260

-=[ The Apple Sandbox ]=-

year 2011
by Dionysus Blazakis
at BlackHat DC
type paper
hash 4b12ed7217d147b36d6a69d146012e0ea5cc9535c5ec00bb1b99260f6585095f

-=[ The Apple Sandbox ]=-

year 2011
by Dionysus Blazakis
at BlackHat DC
type slides
hash 0e411a122eb12ddb7c5575c50ef6e0f0a99476aa98522ee0a4c1bce5bc78691e

-=[ Battery Firmware Hacking ]=-

year 2011
by Charlie Miller
at N/A
type paper
hash 751025b53e646b56f9ac4a18d1ef37e4d59e98cefc97ab6c6a69b22d5ecd2628

-=[ Macs in the Age of APT ]=-

year 2011
by iSEC Partners
at BlackHat
type slides
hash abe56f0b2644b165a6403613d260200b0a91098e22657f3f26bed8ca893eaab5

-=[ Protecting the core – Kernel Exploitation mitigations ]=-

year 2011
by Patroklos Argyroudis & Dimitris Glynos
at BlackHat EU
type slides
hash 696fa702bbb6ba9d152abb56d367afaa5c08d4f674e120586836c3a21bfe06bc

-=[ Protecting the core – Kernel Exploitation mitigations ]=-

year 2011
by Patroklos Argyroudis & Dimitris Glynos
at BlackHat EU
type paper
hash f75609bc5f9baff8f51841f42f976274145fcf686db2d982eeab4f2c77ad0d55

-=[ Mac OS Lion Forensic Memory Acquisition Using IEEE 1394 ]=-

year 2011
by Todd Garrison
at
type paper
hash 921bd956acde1b402f3b89f1131bd5749d06c5630d8fdaf6517ee6e0b47d6131

-=[ Mach Shellcodes and Injectable OS X Rootkits ]=-

year 2011
by Jesse D'Aguanno
at Recon
type slides
hash 8b2e26d1a8ae76f67cb8266753c2f7065da0ae5a079380ae6ab880545a8d6856

-=[ PulseAudio on Mac OS X ]=-

year 2011
by Daniel Mack
at n/a
type paper
hash f50e488fe4e75232aa79ae382ab3fdc8c566aee4db1119e1cea30ff9f4644c9f

-=[ Syscan12 – DE MYSTERIIS DOM JOBSIVS: MAC EFI ROOTKITS ]=-

year 2012
by Snare
at SyScan Singapore
type slides
hash ec2529a1ad164ecf64da8973ee7d7d82b2d93b25bdaa072dee1176ee78c27d5e

-=[ Ruxcon – DE MYSTERIIS DOM JOBSIVS: MAC EFI ROOTKITS ]=-

year 2012
by Snare
at Ruxcon
type slides
hash 405471295c956a1f879a4111932cf122f44a9b9dc3e478bb25ffec733e491df1

-=[ Hack Mac OS X – Tips and tricks for Mac OS X hack ]=-

year 2012
by sud0man
at GSDays
type slides
hash 00ee964e0174562cba00a8a41951533587c94de7139e8db93d6bbb37b23e604d

-=[ How to re-engineer OSX to behave the way you want ]=-

year 2012
by Stephen Sykes
at CodeBits
type slides
hash 7fc1fb5cb5918d303dd270bdf60cf288d685cf10ea747e5bb444b7cf3446fa94

-=[ Mac Memory Analysis with Volatility ]=-

year 2012
by Andrew Case
at DFIR Summit
type slides
hash 32548e463fa97daad9ad4e3b85cc56f78b81325abded131482178c30867a2075

-=[ OS/X Flashback ]=-

year 2012
by ESET
at N/A
type paper
hash 43503a19825cb10ba3865c645754969ea459dcd4663c51c53df9e41d5d3a4671

-=[ When Macs Get Hacked ]=-

year 2012
by Sarah Edwards
at DFIR Summit
type slides
hash d609b76504e7a34d093e5217940c1f8a82d4c570cca678435653ba46a93e4ac3

-=[ Analysis & Correlation of Mac Logs ]=-

year 2012
by Sarah Edwards
at DFIR Summit
type slides
hash df70e821a541dd519ab94539ae61f15f11ce35968707e63d47158e4e710197a5

-=[ Infiltrate the Vault – Security Analysis and Decryption of Lion Full Disk Encryption ]=-

year 2012
by Omar Choudary & Felix Grobert & Joachim Metz
at N/A
type paper
hash b590f488f1de36e120254ac1af9d0914ad2848e9fb50af4d7a681d8e093f37c3

-=[ FORENSIC MEMORY ANALYSIS FOR APPLE OS X ]=-

year 2012
by Andrew F. Hay
at N/A
type thesis
hash 5ca26a51bd2bfe07ca063bab3289175fda056f4fa4543fc32a13781a73c60e52

-=[ EFI Rootkits ]=-

year 2012
by Andreas Galauner
at SIGINT
type slides
hash c372005b2b0f65b2aea85dae1ca674a5096df2188037efac6500791525d65dc8

-=[ DE MYSTERIIS DOM JOBSIVS Mac EFI Rootkits ]=-

year 2012
by Snare
at BlackHat
type paper
hash 02f78fb79b713c325d16152607ad54bc280b66dd3078a592974b6daadbf9cd96

-=[ DE MYSTERIIS DOM JOBSIVS Mac EFI Rootkits ]=-

year 2012
by Snare
at BlackHat
type slides
hash 2fe2ab333b7a36b0e10fed675d686ebd5544bee7cc7a9c22bf7c06d67015eb82

-=[ FLASHBACK OS X MALWARE ]=-

year 2012
by Broderick Ian Aquilino
at VB
type paper
hash 05ff29920c23830771079098fee66d1ed57cf514be6362c61ea1131cda04b192

-=[ FLASHBACK OS X MALWARE ]=-

year 2012
by Broderick Ian Aquilino
at VB
type slides
hash 2a9848771d28e12579df1b61b66c618d7b78d0e5d98b65a4b0af095976c8c8fb

-=[ Backdoor.Flashback (Russian) ]=-

year 2012
by Dr Web
at N/A
type slides
hash fe06e7340872cb8e008efdc4980bc03387fdea1b83d5b2149661182c91a3379f

-=[ Mac OS X Malware Overview (Russian) ]=-

year 2012
by Ivan Sorokin
at ZeroNights
type slides
hash 000384f992c0e620458954487ba415ed0bff66ba6fca1a349363962601cd7768

-=[ XNU: A security evaluation ]=-

year 2012
by Daan Keuper
at N/A
type thesis
hash 945e293c760785912788dbffd75d78c61e9cecb998a8a3b908408da20d51b622

-=[ Past and Future in OS X Malware ]=-

year 2012
by fG! & noar
at HiTCON
type slides
hash fc2e8135fe7e7fe5ad6d3db726fb8f2985e712429e9ae37eabd46528a9fd6c52

-=[ Playing with OS X - How to start your Apple reverse engineering adventure ]=-

year 2012
by fG!
at Secuinside
type slides
hash 988adf5a8ae5f35623147bbf873acd364183839dfffbf88a5a771c283ee40358

-=[ OS X Malware ]=-

year 2012
by fG! & noar
at Confraria Lisbon
type slides
hash 29809106020e285680b306ad52688c3d4929b990d57371674ebf2e1b07f3d85b

-=[ Destructive DTrace ]=-

year 2013
by Nemo
at Infiltrate
type slides
hash d7e5dcc4517e699dbee6206e59832175a2a6a2f5c5457f9174915194430ec8c4

-=[ Revisiting Mac OS X Kernel Rootkits ]=-

year 2013
by fG!
at SyScan Singapore
type slides
hash 302272d3fb92b937a8bb56687b68a95dd092906fb95efee508fb0b913db3885e

-=[ Mountain Lion and iOS Vulnerabilities Garage Sale ]=-

year 2013
by Stefan Esser
at SyScan Singapore
type slides
hash cd29d3dffe947205ae3bebe4d9ea2804b07f7496ff974e72ec8d0f66f4409055

-=[ Mountain Lion and iOS Vulnerabilities Garage Sale ]=-

year 2013
by Stefan Esser
at SyScan Singapore
type paper
hash 1705d591ef8ac19f6f7bab601d92c628c312941505a868816be4a2caddf2025e

-=[ OS X Hardening – Mountain Lion 10.8 ]=-

year 2013
by ERNW
at N/A
type paper
hash 9af4670eaca77e552d97733c56d18607d1e7102b1cc2bb76956d44a56af0e7eb

-=[ Ninjas and Harry Potter – “Spell”unking in Apple SMC land ]=-

year 2013
by Alex Ionescu
at NoSuchCon
type slides
hash 297ccbf7023b5db8ecc23e9a781cf53c9056fbad67ab565a538045306c76cec1

-=[ OS X Kernel Rootkits ]=-

year 2013
by fG!
at HiTCON
type slides
hash fe797f1663fc8671788f50e5a980ae0940d1d60055128397b57e1bdd8ab51f44

-=[ OS X Rootkits 2 ]=-

year 2013
by fG!
at SyScan360 Beijing
type slides
hash 6d54a2ada61aba55284978afbfdcd9056ffbdc089a7bd5ee0987568f055f6851

-=[ Revisiting Mac OS X Rootkits ]=-

year 2013
by fG!
at NoSuchCon
type slides
hash 41be65b08b86fcf6d44c122336d943d1ac94a9d369888a96d3d00c8f156201aa

-=[ OS X Rootkits 2 ]=-

year 2013
by fG!
at Bsides Lisbon
type slides
hash d220499724469a1c15bfd3476f203294e498224fa82490e3cb4bfb5ddee1af00

-=[ SWGDE Mac OS X Tech Notes ]=-

year 2013
by Scientific Working Group on Digital Evidence
at N/A
type paper
hash 2e3e0c12b4c8c31f9ab4ef97d86d44bba18d5511d416a2822c93c41fff742921

-=[ iSee You: Disabling the MacBook Webcam Indicator Led ]=-

year 2013
by Matthew Brocker & Stephen Checkoway
at N/A
type paper
hash 3a2700bebec1a566697c8b350a11459c3eeb201e34ee404271e75298f3838d88

-=[ Hunting for OS X rootkits in memory ]=-

year 2013
by Cem Gurkok
at HITB
type slides
hash 9bc82dd2c7bfcb298ba40733a2297fc4865aaa3fd4c177f3dd4cc1f2f3a65c3b

-=[ Mining Mach Services within OS X Sandbox ]=-

year 2013
by Meder Kydyraliev
at Ruxcon
type slides
hash d74081cf3366e53bed1fde880eddbcd58672866fbf3a5e44f4d9391fefd44d50

-=[ When Macs get hacked ]=-

year 2013
by Sarah Edwards
at N/A
type slides
hash 39168ba9178f0f2de773bdcac6f5e64a6bb2b99379432f9401d4c9441c287fac

-=[ Funderbolt - Adventures in Thunderbolt DMA Attacks ]=-

year 2013
by Russ Sevinsky
at BlackHat
type slides
hash bc241d8a47ccf57fd763ca3ee2a6e7775d03aa519c291add223d0dc0d922d1aa

-=[ Mach-O Malware Analysis: Combatting Mac OSX/iOS Malware with Data Visualization ]=-

year 2013
by Remy Baumgarten
at Def Con
type paper
hash 5c63eca696272bf25703918a5c3b5559a393c7d5622a394dd8207bdaeca1d676

-=[ MAC OS X: GETTING STARTED WITH USB - AN1105 ]=-

year 2013
by Cypress Perform
at n/a
type paper
hash 3128262acaef460250aa5de8624eb6d9b10923be6f8844e058f71f607d1dcd98

-=[ Reverse Engineering Mac Malware ]=-

year 2014
by Sarah Edwards
at BSides NoLa
type slides
hash 47c62a927844cab3559459642b90f3195a07b17fea3989effcd4af396a8a3f02

-=[ Methods of Malware Persistence on OS X Mavericks ]=-

year 2014
by Patrick Wardle
at Shakacon
type slides
hash 9135ead4f70d97f8fa4345b2107b32e0decc4ddfdd8dce32fbf24c524eda3202

-=[ Methods of Malware Persistence on OS X Mavericks ]=-

year 2014
by Patrick Wardle
at VB
type slides
hash 8e2f80af933041a7348f0fa1a37c03e75b0a09d5b9f5d453e63e031dbdd91ceb

-=[ OS X Yosemite Artifacts – Call history and SMS analysis ]=-

year 2014
by nofate
at N/A
type slides
hash fe907f6aa54ba6adcc57b5e5c269ec4606fd8f88eed8d2b1d1cdf3fd0b648ad7

-=[ BadXNU – A rotten apple! ]=-

year 2014
by fG!
at CODE BLUE
type slides
hash a0d60866c936e4191f5c5a0a220b41377a6b2723498d5d724a0ba3d54824efe9

-=[ In lieu of swap: Analyzing compressed RAM in Mac OS X and Linux ]=-

year 2014
by Andrew Case, Golden G. Richard III
at DFRWS
type paper
hash 1ddd0eee0008fb9756e99dd2a397a4b85daab9c0e6c31fc8bc3ada8fb8ea862a

-=[ Improving Mac OS X Security Through Gray Box Fuzzing Technique ]=-

year 2014
by Various Authors
at EuroSec’14
type paper
hash 667e1f63368af9a7dfd591ee32a4aaae9894bd40a25f29beccbf878dd2e3fe1f

-=[ Rex vs The Romans ]=-

year 2014
by fG!
at SyScan Singapore
type slides
hash 9568a24929797e1cdd02cae2123ad3ec7f39969e5f0130ae3861f793d6d20baf

-=[ Fuck You Hacking Team! - From Portugal, with Love. ]=-

year 2014
by fG!
at Shakacon
type slides
hash 43ab29c8a46f1e553aab8b2d2205fb45b8656fa95f25bb111d1b3e0cf7cdbc19

-=[ Fuck You Hacking Team! - From Portugal, with Love. ]=-

year 2014
by fG!
at SyScan360 Beijing
type slides
hash 74d2cab89c3aff7ecaf85f006c6f86e8c6c89e56359168634d07083728e9fb18

-=[ You can't see me - A Mac OS X Rootkit uses tricks you haven't known yet ]=-

year 2014
by Ming-chieh Pan & Sung-ting Tsai
at BlackHat Asia
type slides
hash 03195c3129c7951720b948df76ec29c0d30a3986670fe7dcf7b8aea4ebb91381

-=[ You can't see me - A Mac OS X Rootkit uses tricks you haven't known yet ]=-

year 2014
by Ming-chieh Pan & Sung-ting Tsai
at BlackHat Asia
type paper
hash 42a61e23d4a048a4b4c222b92968d630925adb0e7cad67e07edb2438d8281323

-=[ Mac OS X Forensics - En Profundidad ]=-

year 2014
by Joaquin Moreno
at RootedCon
type slides
hash 742fcf855b26804ebced206764cbd7847dc6448ed3500029d4154c0ea11e9e5f

-=[ Hunting Mac Malware with Memory Forensics ]=-

year 2014
by Andrew Case
at RSA
type slides
hash 090805e025852cc6830c5e5ce5a0370f4959b21fa7eb138a38f7066d9cac2391

-=[ OSX Malware Plists, Shell Scripts and Object-C Oh-My! ]=-

year 2014
by Amanda Stewart
at MIRcon
type slides
hash ce0e59e99b21d6837f5b61bc07a6dbc734fca28a6acc99d2a4967d055f0c412f

-=[ Playing Hide and Seek with Rootkits in OS X Memory ]=-

year 2014
by Cem Gurkok
at FIRST
type slides
hash 9db4e6f5ec0a362422219d9a3ab686bffd45c107d67a51f3958413d49d8e26dd

-=[ Fuzzing OS X at Scale ]=-

year 2015
by Ben Nagy
at Infiltrate
type slides
hash 1cbb59ba56dedde2f7e0ed37593dbda6c3baccc654f5bf78957d749a5263b13a

-=[ Mac OS X Forensics ]=-

year 2015
by Joaquin Moreno Garijo
at N/A
type paper
hash f529b7e3fe791efbf214a68189ae8d9a4f90871b89cc1f28a4170af29d15a308

-=[ Unauthorized Cross-App Resource Access on MAC OS X and iOS ]=-

year 2015
by Various Authors
at N/A
type paper
hash ece3215f1041638c7e80717f3528c48fffb5d9d0f9b925cd46938a293c3d9f4f

-=[ WRITING BAD @$$ MALWARE FOR OS X ]=-

year 2015
by Patrick Wardle
at Infiltrate
type slides
hash aef5e30aade6477bb3351a6fb7f06242f3440eeec9c487b00753ce73b718bb60

-=[ WRITING BAD @$$ MALWARE FOR OS X ]=-

year 2015
by Patrick Wardle
at BlackHat
type slides
hash 6c4eca77d3fbb6379919947136c28a5a0c6aa60ec6ea35be9c7f9f61be3dcc9d

-=[ DYLIB HIJACKING ON OS X ]=-

year 2015
by Patrick Wardle
at VB
type paper
hash 744c31a3dff52f2dd39eedac05356ba50532a119ade81ac0b670bffc448f7e3a

-=[ Exposing Gatekeeper ]=-

year 2015
by Patrick Wardle
at VB
type slides
hash 1548d093d53cb83b68042952abd23238bd1c728071c159becef224d1a4ba1df3

-=[ Thunderstrike 2: Sith Strike (draft version) ]=-

year 2015
by Trammell Hudson, Corey Kallenberg & Xeno Kovah
at BlackHat
type slides
hash e13704d453748f03908fb2744af936760b182c9528564d7da0424fe6ce998018

-=[ Thunderstrike 2: Sith Strike ]=-

year 2015
by Trammell Hudson, Corey Kallenberg & Xeno Kovah
at BlackHat
type slides
hash f6564f3811fd1fef7f7a0928710defe26bfab14501791fd7b899b7997de62ccb

-=[ Thunderstrike 2: Sith Strike – A MacBook firmware worm ]=-

year 2015
by Trammell Hudson, Corey Kallenberg & Xeno Kovah
at HITB GSEC
type slides
hash 820a8a182b14f478d0c63667303cad70ccbe66438bdcf2e2f3d5de5fc1fe5354

-=[ Is there an EFI monster inside your apple? ]=-

year 2015
by fG!
at 44CON
type slides
hash fafab87747d3804576bd730a5064f8f2a886286cc1fe55e2ab45b5d6a50cf734

-=[ Is there an EFI monster inside your apple? ]=-

year 2015
by fG!
at SyScan360 Beijing
type slides
hash b001cbed3b698401bb727a7519daaafb308b03630a1196f9fd4a8abb6b7a345f

-=[ Is there an EFI monster inside your apple? ]=-

year 2015
by fG!
at CODE BLUE
type slides
hash e7da969838c9febe2fa824234b945c6fd8adc244f41703273e0efdb6a25e492d

-=[ OS X Kernel is As Strong as its Weakest Part ]=-

year 2015
by Liang Chen and ShuaiTian Zhao
at POC
type slides
hash e85e6888cdd01d746688fb018bd791d92e2527043c7dcb46c8801e2bdcbe4a3a

-=[ BadXNU – A rotten apple! ]=-

year 2015
by fG!
at SyScan
type slides
hash 785bd71c56a1eee59dc2a5d841795ef82612ba04a5f7d1b31a3b2fa4cb78f950

-=[ Is there an EFI monster inside your apple? ]=-

year 2015
by fG!
at No cON Name
type slides
hash 7747ce3806b4395d256277d123aaa3cb2b7a2fa9b2ecfb49a4c2d8011b52df02

-=[ BadXNU – A rotten apple! ]=-

year 2015
by fG!
at No cON Name
type slides
hash ab5b6862c43078a9cb86e1b5f8786f9df3653ebabf3a1930e1a4172805f7ea41

-=[ IPv6 Hardening Guide for OS X ]=-

year 2015
by ERNW
at N/A
type paper
hash bfd0cf9a0f78080cb7e316ed47fa632e59178bf5f2d56411a1a092332a741eac

-=[ DTrace + OS X = Fun ]=-

year 2015
by Andrzej Dyjak
at Confidence
type slides
hash 21d026accb27745f3ba29b2746fcd7964dc5c7e2c816f8967ff87db9d7236b7b

-=[ Advancing Mac OS X rootkit detection ]=-

year 2015
by Andrew Case, Golden G. Richard III
at DFRWS
type paper
hash 8087e827c229ed50a7d8d5e52fdcfba34044ee43e410f3b7ac2081f833aa4516

-=[ Code Signing – Hashed Out ]=-

year 2015
by Jonathan Levin
at RSA
type slides
hash 9a7e284d760073db1c003f63153ebd666cb4fa195b2b1edb6e8fb0fd6b4b8541

-=[ Escalating privileges on OS X and iOS – IOKit edition ]=-

year 2015
by Ian Beer
at SyScan
type slides
hash 1f349be7520229f22f7ba742c4ee7d1364f22069ae75e896d05ee3d893dae93a

-=[ Auditing and Exploiting Apple IPC ]=-

year 2015
by Ian Beer
at JailBreak Security Summit
type slides
hash 026083424cae87b937761e6376301b913031f7e61b8cef71baf608d98f66bd41

-=[ BadXNU, a rotten apple! ]=-

year 2015
by fG!
at BSides Lisbon
type slides
hash fcf223d11009fdcc0bdc9aae3bdef47095cfe3ffecc434ce5766fd0112d67d3a

-=[ Is there an EFI Monster inside your apple? ]=-

year 2015
by fG!
at Secuinside
type slides
hash 544396ec92b28b71afabf62acc7f980517493ab0e99ca7d3c8932be047027b4e

-=[ Attacking the XNU Kernel in El Capitan ]=-

year 2015
by Luca Todesco
at BlackHat EU
type slides
hash 584e966fad83cbef379da62775116910fbe0c94ae93c4a5dc4daaa6a16dd2d82

-=[ DLL Hijacking on OS X ]=-

year 2015
by Patrick Wardle
at n/a
type slides
hash 06eee5e33fcfd3f11f96811c7ffb65b6b9418c2cd20434b223613f6f0ae3c3e7

-=[ Memory Corruption is for Wussies! ]=-

year 2016
by fG!
at SyScan360 Singapore
type slides
hash fd674de59896121d15100c5cb74aa09c827caaa3f439f29d011f44f7ef3cd785

-=[ Don’t Trust Your Eye: Apple Graphics is Compromised! ]=-

year 2016
by Liang Chen, Marco Grassi, Qidan He
at CanSecWest
type slides
hash 074909f59a442817057efe82bd088d2e70eb3a7b9931695af8634610977a6302

-=[ OS X El Capitan sinking the Ship ]=-

year 2016
by Stefan Esser
at SyScan360 Singapore
type slides
hash 35d97c449073cfeac6fd2789b752eb5716f1b5d39143c655c4125d546c08f6fb

-=[ 50 Shades of Fuzzing ]=-

year 2016
by Peter Hlavaty & Marco Grassi
at Shakacon
type slides
hash c0794b96400d2ed883dabf635005529df1a245a493b9f06a46b05848c1c0e4c3

-=[ Let’s Play Doctor – Practical OS X Malware Detection & Analysis ]=-

year 2016
by Patrick Wardle
at Shakacon
type slides
hash 97c21e3507f630e1eb708026c69e7be6e1d470a24fcb429df5a68ec33ffa3d9e

-=[ Let’s Play Doctor – Practical OS X Malware Detection & Analysis ]=-

year 2016
by Patrick Wardle
at RSA
type slides
hash 7cca5927b3ab2ff51f32b41b8b5d7c15d2b901fe797280d4f9a6150996172393

-=[ In the Zone: OS X Heap Exploitation ]=-

year 2016
by Tyler Bohan
at SummerCon
type slides
hash 2819e516b8b575ccec5edcc4ccc06a696e4a1fcefd2b683ad0fbf85cde48104b

-=[ Detecting malicious behaviour using system calls ]=-

year 2016
by Vincent Van Mieghem
at N/A
type thesis
hash bc30802c78e91542d84f13973948e3ca233577631ff3c3e47f3b2d04be5ae6ab

-=[ SUBVERTING APPLE GRAPHICS: PRACTICAL APPROACHES TO REMOTELY GAINING ROOT ]=-

year 2016
by Liang Chen, Qidan He, Marco Grassi, Yubin Fu
at BlackHat
type slides
hash 9237a065b9b75ebb10390cdb47f368f7cedbf1cbba22acf457c5c1bde3dadc85

-=[ SUBVERTING APPLE GRAPHICS: PRACTICAL APPROACHES TO REMOTELY GAINING ROOT (BH site version) ]=-

year 2016
by Liang Chen, Qidan He, Marco Grassi, Yubin Fu
at BlackHat
type slides
hash 816768020ac080dd1de5fe5ae9ca8fe46985e9ff911a4fbffc3f05f915ebffc4

-=[ SUBVERTING APPLE GRAPHICS: PRACTICAL APPROACHES TO REMOTELY GAINING ROOT ]=-

year 2016
by Liang Chen, Qidan He, Marco Grassi, Yubin Fu
at BlackHat
type paper
hash b90c397f889f95ee66e2907ddd178e253090aafc4619e1942b10ecefd2c18f2f

-=[ The Python Bites Your Apple - Fuzzing and Exploiting OS X Kernel Bugs ]=-

year 2016
by Flanker
at XKungfoo
type slides
hash 2a80304a594498afdbe86cf83468f7d5a0be1b72720c71fc4659cdfd8e15c071

-=[ OS X Vulnerability Research and Why We Wrote our Own Debugger ]=-

year 2016
by Tyler Bohan, Brandon Edwards
at Shmoocon
type slides
hash fbd7cb9921991fdacddbab3ec9e68585c84dcbc3d2a5cea0c60a659c185d921c

-=[ Shooting the OS X El Capitan Kernel Like a Sniper ]=-

year 2016
by Liang Chen, Qidan He
at ReCon
type slides
hash ee37a51aee19514adbd7c60dc7e836f5c834be3c0c605c07de094029bd00b27a

-=[ I got 99 problems, but Little Snitch ain't one! ]=-

year 2016
by Patrick Wardle
at Def Con
type slides
hash 3772c853f8dad2a867b9d52eaf29b9011ae0cdf3ed03a2cf820612c7005de8eb

-=[ Escaping the sandbox by not breaking it ]=-

year 2016
by Marco Grassi, Qidan He
at Def Con
type slides
hash cbef9aac1349afd0b16d77c425f582642d6088f9fe183001f856ca39cd120f27

-=[ Mach-O Libre - Pile driving Apple Malware with Static Analysis, Big Data, & Automation ]=-

year 2016
by Aaron Stephens, Will Peteroy
at FIRST
type slides
hash 5a1d7978f9e8a658df61a13cb4afc78c5b87c2653a1482cfd1b736ac6777a37e

-=[ Swift Reversing ]=-

year 2016
by Ryan Stortz
at Infiltrate
type slides
hash 903836f2b7a2218bf8533d719542a4bb2019370508692b28883cb60e7b8aa05a

-=[ Reverse Engineering Swift Apps ]=-

year 2016
by Michael Gianarakis
at HITB GSEC
type slides
hash 062bfbde287b2e32e9f9fec08e85329f6368ab4f521255526533e26f6bd251c1

-=[ Hack in the (sand)Box - The Apple Sandbox - five years later ]=-

year 2016
by Jonathan Levin
at HITB GSEC
type slides
hash 2c23141f590208898e42c40ac002f04a28d5cdd6a90977bacfa924dc8a4eb06f

-=[ Meet & Greet with the Mac Malware Class of 2016 ]=-

year 2016
by Patrick Wardle
at HITB
type slides
hash 3cbdb2e712a5cb1d3607bed2fc86ec92ff0f50d51ac37ed503462b95986f32b0

-=[ Who’s Breaking into Your Garden iOS and OS X Malware You May or May Not Know ]=-

year 2016
by Claud Xiao
at Bsides San Francisco
type slides
hash 49aaaf8d0b58aaefc1363fa1e7b47c7e90bc5ca6e062e3110529a461e69072ce

-=[ ANALYSIS & CORRELATION OF MAC LOGS ]=-

year 2016
by Sarah Edwards
at n/a
type slides
hash bd6f4cc7e661a4077a1f684c283f793a7d14957608384bec7c084288c69acf30

-=[ Strolling into Ring-0 via i/o kit drivers ]=-

year 2016
by Patrick Wardle
at Ekoparty
type slides
hash e16b0770cd853598ca22c7a0a8e14bb6ee086a61f66702dd2474f89e5f7db66d

-=[ Gatekeeper exposed ]=-

year 2016
by Patrick Wardle
at n/a
type slides
hash db588115891b867b15a6aac4fd8ffe1f9f2763fb7fe13fcc82969b8ed74c58fe

-=[ Mac OS X : System Integrity Protection ]=-

year 2016
by Nicolas RUFF
at SSTIC
type slides
hash 7c5516047ccdce15712bfa617db00f400654a2241e69bcda526624c4bfa67c41

-=[ Fuzzing and Exploiting OSX Vulnerabilities for Fun and Profit ]=-

year 2016
by Moony Li & Jack Tang
at PacSec
type slides
hash 6165ed0be3234e6e68d7ea3019599ff5b51c51f5eead569d450662974fee3f2f

-=[ Dissecting the APT28 Mac OS X Payload ]=-

year 2017
by Bitdefender
at n/a
type paper
hash f9270f6b08b86254e56143844daa86c738ca771345bf6365530ae49449005497

-=[ CRAFTING MACOS ROOT KITS - Come for the Tradecraft, Stay for the Code ]=-

year 2017
by Jonathan Zdziarski
at n/a
type slides
hash e52b1a653f283bf2ef4719cfdbadcecbd28f4ecf3148f7b6d5ee40df3947bf74

-=[ Mac OS X and iOS Forensics - LOOKING INTO THE PAST WITH FSEVENTS ]=-

year 2017
by Nicole Ibrahim
at SANS DFIR SUMMIT
type slides
hash bcff68ede12180f3eb45482a40ee50b0fbe9389d37cf8cb606160568ddf13775

-=[ Oversight - exposing spies on macOS ]=-

year 2017
by Patrick Wardle
at HITB
type slides
hash 4785e2868d4a4870e4c22a200f0817e91c8ec4dc5562fb6f79ea4aebe0cb0732

-=[ The Apple of Your EFI - Findings From an Empirical Study of EFI Security ]=-

year 2017
by Rich Smith, Pepijn Bruienne
at n/a
type paper
hash a0ad692c088ad03e53f32200f21d0b202ec93d593bb3116a5af22b14df92c7f7

-=[ LOGS UNITE! FORENSIC ANALYSIS OF APPLE UNIFIED LOGS ]=-

year 2017
by Sarah Edwards
at n/a
type slides
hash 374c1f1801cf8db131621d075c74d44c92641f0413e95b052ef65fd3aefb6724

-=[ Playing with Mach-O and DYLD ]=-

year 2017
by Stanislas Lejay
at n/a
type slides
hash fde5b0cfc6bcce4c4336dbf340dacd453d1cae418c8ad1fdcadd68f67ffb8569

-=[ macOS Logs - ASL to Unified Logging ]=-

year 2017
by Nic Scott
at n/a
type slides
hash febe66e58cdb65dfc0eba2129deb2472ee722f1a77e5fa8c236ffd4e43cf8698

-=[ Biting the Apple that feeds you ]=-

year 2017
by Alex Plaskett, James Loureiro
at 44Con
type slides
hash 7e3172cd55a5ba3c0ec406a4adbaa7b73421a60b2552ccd887ed7bc3d409034c

-=[ Exploitations of Uninitialized Uses on macOS Sierra ]=-

year 2017
by Zhenquan Xu, Gongshen Liu & Tielei Wang, Hao Xu
at Woot
type slides
hash 2b3dde30bc15fd18e1258f9b30e7ffec5fedbd54810167726325bdcf9397d5f9

-=[ Synthetic Reality - Breaking macOS one click at a time ]=-

year 2018
by Patrick Wardle
at Syscan 360
type slides
hash 8399646f552d20e2118265380fccd25b6d08d938f6440d42aab7f5d954e2a69e

-=[ Code signing flaws in macOS ]=-

year 2018
by Thomas Reed
at unknown
type slides
hash 4b4f6899a3c3629312bdf11627aa269ab30f77c8d929541be12c2cd178cf02c9

-=[ Mac-A-Mal: An Automated Framework for Mac Malware Hunting ]=-

year 2018
by Pham Duy Phuc and Fabio Massacci
at BlackHat Asia
type slides
hash 24e59bdf71ceadf13b8b219e7e1b705a55a14a38767cf0d7ef9a286549c51760

-=[ Mac-A-Mal: An Automated Framework for Mac Malware Hunting ]=-

year 2018
by Pham Duy Phuc and Fabio Massacci
at BlackHat Asia
type paper
hash b30e24735de4e1ec3abf9b29cf166b3a60040183ac7d4e890d0bad7215cf617f

-=[ Apple Safari - Wasm Section Exploit ]=-

year 2018
by Alex Plaskett, Fabian Beterke, Georgi Geshev
at n/a
type paper
hash ed96fd89dfe69450df3a906428b19f059e47545d84dd6392c183e19c461632e5

-=[ Fire & Ice making and breaking mac firewalls ]=-

year 2018
by Patrick Wardle
at Def Con 26
type slides
hash a010088ec8e02d45d18c98bb1904b66165b094f807ebc2943370a18d42f97342

-=[ The Mouse is mightier than the sword ]=-

year 2018
by Patrick Wardle
at Def Con 26
type slides
hash 8e4262d62d25d69ae6d480489fa7bca6ebc4ae6e09c9f71be519d27a5a9fffaa

-=[ Attacking the Graphics macOS Kernel Driver ]=-

year 2018
by wang yu
at Def Con 26
type slides
hash 138a4cc880d78de623e4c1def0616cbee9f7887ee70aeeccf7b5b04fecb5c7fb

-=[ Modern macOS Security ]=-

year 2018
by Mikey
at Bsides MCR
type slides
hash 2fa773055ba7300e1b8a19a784ad6cb5da98730d7d4df9f0de1c562178552399

-=[ Heapple Pie - The macOS/iOS default heap ]=-

year 2018
by Eloi Benoist-Vanderbeken
at Sthack
type slides
hash e95b09ae634c6b1ccaf82fc7c2bbf9b6847f8bf2ababe4223539aa1f576ebd29