Userland Persistence on Mac OS X "It Just Works"

Presented at ShmooCon XI (2015), Unknown date/time (Unknown duration)

Got root on OSX? Do you want to persist between reboots and have access whenever you need it? You do not need plists, new binaries, scripts, or other easily noticeable techniques. Kext programming and kernel patching can be troublesome! Leverage already running daemon processes to guarantee your access.

As the presentation will show, if given userland administrative access (read: root), how easy it is to persist between reboots without plists, non-native binaries, scripting, and kexts or kernel patching using the Backdoor Factory.

Presenters:

• Joshua Pitts
  Joshua Pitts is a pentester and reverse engineer for Leviathan Security Group. Josh has been working in Infosec for some time, first trying to secure Win 3.1.1 and NT 4.0 enterprise machines while in the Marines in 1998, which was a hilarious experience. Josh currently develops open source projects which include 'The Backdoor Factory' (BDF) and BDFProxy.

Similar Presentations:

• DEF CON 17 (2009) / Runtime Kernel Patching on Mac OS X
• Black Hat USA 2016 / Adaptive Kernel Live Patching: An Open Collaborative Effort to Ameliorate Android N-Day Root Exploits