Hiding from the Investigator: Understanding OS X and iOS Code Signing to Hide Data

Presented at ShmooCon XII (2016), Jan. 15, 2016, 6 p.m. (30 minutes).

To hide data from the forensic practitioner, you need to exploit a gap in their knowledge, their processes, and/or their tools. This is a talk about all three with regard to Apple OS X and iOS code signing. Much research has been conducted around code signing with respect to preventing malicious code execution at binary load time. This talk is strictly about forensics, binary tampering, and data smuggling.


Presenters:

  • Joshua Pitts
    Josh Pitts (@midnite_runr) likes to write code that patches code with other code via The Backdoor Factory. Sometimes this leads to the discovery of funny bugs and to Russians patching stuff over the Internet. He has worked for the military, the US government, private consulting, and startups doing pentesting, defending networks, designing secure systems, and breaking security products.
