OSX Vulnerability Research and Why We Wrote Our Own Debugger

Presented at ShmooCon XII (2016), Jan. 16, 2016, 4 p.m. (60 minutes)

Although OSX has had a large gain in popularity, its underlying workings are still unknown to many. In this talk we will discuss OSX internals and how they relate to security research. Specifically, we will discuss the debugging functionality provided (or missing) on OSX, how it differs from other platforms, and the resulting state of tools (LLDB) unwieldy for many security research tasks on modern OSX. For this talk we will open source our private OSX Python scriptable debugger as a lightweight, easy-to-use programmatic alternative to the awkwardness of LLDB scripting. We will showcase the advantages of a proper scriptable debugger along with features not seen in LLDB, and demonstrate examples for vulnerability research and malware analysis.

Presenters:

• Brandon Edwards
  Brandon Edwards and Tyler Bohan work as security researchers for BAE Systems, where they work on vulnerability analysis and mitigation. Their backgrounds include reverse-engineering, vulnerability discovery, exploitation, and development.
• Tyler Bohan
  Brandon Edwards and Tyler Bohan work as security researchers for BAE Systems, where they work on vulnerability analysis and mitigation. Their backgrounds include reverse-engineering, vulnerability discovery, exploitation, and development.

Links:

• https://infocon.org/cons/ShmooCon/ShmooCon 2016/Osx Vulnerability Research And Why We Wrote Our Own Debugger.mp4
• https://infocon.org/cons/ShmooCon/ShmooCon 2016/Osx Vulnerability Research And Why We Wrote Our Own Debugger.srt (subtitles)

Similar Presentations:

• DerbyCon 8.0 Evolution (2018) / OSX/Pirrit - Reverse engineering mac OSX malware and the legal department of the company who makes it
• DerbyCon 8.0 Evolution (2018) / Pwning in the Sandbox: OSX Macro Exploitation & Beyond
• Kiwicon X: The Truth is In Here (2016) / Attacking OSX for fun and profit