Arm'd and Dangerous

Presented at Black Hat USA 2021, Aug. 5, 2021, 3:20 p.m. (40 minutes).

<div><span>Apple's new M1 systems offer a myriad of benefits ...for both macOS users, and unfortunately, to malware authors as well.</span></div><div><span><br></span></div><div><span>In this talk we detail the first malicious programs compiled to natively target Apple Silicon (M1/arm64), focusing on methods of analysis. </span></div><div><span><br></span></div><div><span>We'll start with a few foundation topics, such as methods of identifying native M1 code (which will aid us when hunting for M1 malware), as well as introductory arm64 reversing concepts. </span></div><div><span><br></span></div><div><span>With an uncovered corpus of malware compiled to natively run on M1 (and in some cases notarized by Apple!), we'll spend the remainder of the talk demonstrating effective analysis techniques, including many specific to the analysis of arm64 code on macOS. </span></div><div><span><br></span></div><div><span>Armed with this information and analysis techniques, you'll leave a proficient macOS M1 malware analyst!</span></div>

Presenters:

  • Patrick Wardle - Founder, Objective-See
    Patrick Wardle is the founder of Objective-See. Having worked at NASA and the NSA, as well as presenting at countless security conferences, he is intimately familiar with aliens, spies, and talking nerdy. Patrick is passionate about all things related to macOS security and thus spends his days finding Apple 0days, analyzing macOS malware, and writing free open-source security tools to protect Mac users.

Links:

Similar Presentations: