Getting Cozy with Auditing on macOS (the good, the bad, & the ugly)
Slides [PDF]:

Recently I presented some research at ShmooCon and OPCDE about auditing on macOS:

Sure, auditing might not seem like the sexiest of topics - but it is extremely useful for malware analysis, forensics/IR, and for creating security tools. Also if you're a hacker - you'll want to know about auditing to avoid detection ;) 

Also covered in my talk are a handful of kernel bugs I discovered during a previous audit of the audit subsystem (yes, quite meta): a subtle off-by-one read error, a botched patch that turned the off-by-one into a kernel info leak, and finally an exploitable heap overflow.

If you're interested in the slides from my talk, you can find them here ( ) or watch a recording of the ShmooCon talk on YouTube.