OSX Vulnerability Research and Why We Wrote Our Own Debugger

Presented at ShmooCon XII (2016), Jan. 16, 2016, 4 p.m. (60 minutes)

Although OSX has had a large gain in popularity, its underlying workings are still unknown to many. In this talk we will discuss OSX internals and how they relate to security research. Specifically, we will discuss the debugging functionality provided (or missing) on OSX, how it differs from other platforms, and the resulting state of tools (LLDB), which are unwieldy for many security research tasks on modern OSX. For this talk we will open source our private Python-scriptable OSX debugger as a lightweight, easy-to-use programmatic alternative to the awkwardness of LLDB scripting. We will showcase the advantages of a proper scriptable debugger along with features not seen in LLDB, and demonstrate examples for vulnerability research and malware analysis.

Presenters:

  • Brandon Edwards
    Brandon Edwards and Tyler Bohan work as security researchers for BAE Systems, where they work on vulnerability analysis and mitigation. Their backgrounds include reverse-engineering, vulnerability discovery, exploitation, and development.
  • Tyler Bohan
