Presented at
REcon 2023,
June 9, 2023, 4:30 p.m.
(60 minutes).
Record/replay or "time travel" debuggers let developers record a trace of a program's execution and later replay it, allowing them to revisit past execution states and diagnose bugs that may be difficult to reproduce. These tools have existed on Linux and Windows for many years, however no such tool has ever been created for macOS. In this talk, we'll present our work towards creating a record/replay tool for macOS, describing the macOS-specific internals required to create it, why existing tools can't simply be ported, and some of the challenges that come up in creating this type of tool from scratch.
Presenters:
-
Pete Markowsky
Pete is a well-known member of the information security community. His background is primarily in low-level systems, exploitation, and building tools to monitor operating systems. He is currently working at Google on their Security Endpoints Agents.
-
Nick Gregory
Nick is a software engineer at Google working on macOS and Linux endpoint security systems. He was previously a senior threat researcher at Capsule8 (acquired by Sophos), focusing on Linux server defense. His background is primarily in low-level systems and kernel exploitation research. Nick is also a Hacker in Residence and former student of NYU Tandon School of Engineering’s OSIRIS Lab.
Links:
Similar Presentations: