Getting Cozy with Auditing on macOS (the good, the bad, & the ugly)
Slides [PDF]: https://objective-see.com/talks/Wardle_ShmooCon2018.pdf
Video: https://www.youtube.com/watch?v=CqlpJ7rIT6M 

Recently, I presented some research on auditing on macOS at ShmooCon and OPCDE.

Sure, auditing might not seem like the sexiest of topics - but it is extremely useful for malware analysis, forensics/IR, and for creating security tools. Also, if you're a hacker, you'll want to know about auditing to avoid detection ;)

Also covered in my talk are a handful of kernel bugs I discovered during a previous audit of the audit subsystem (yes, quite meta): a subtle off-by-one read error, a botched patch that turned the off-by-one into a kernel info leak, and finally an exploitable heap overflow.

If you're interested in the slides from my talk, you can find them here ( https://objective-see.com/talks/Wardle_ShmooCon2018.pdf ), or watch a recording of the ShmooCon talk on YouTube ( https://www.youtube.com/watch?v=CqlpJ7rIT6M ).

Enjoy!

-patrick
