
That's what this excellent presentation from Patrick Wardle, the Director of Research at Synack, a cyber security solutions provider, explains quite well, offering a thoughtful and detailed look at the current security implementations built into Mac OS X, and how they could be circumvented by malicious intent to attack a Mac.

The excellent document, titled “METHODS of MALWARE PERSISTENCE on OS X”, is broken into five major parts:

- Background on Mac OS X built-in protection methods, including GateKeeper, XProtect, sandboxing, and code signing.
- Understanding the Mac boot process, from firmware to Mac OS X.
- Methods of getting code to persistently run on reboot and user login, including kernel extensions, launch daemons, cron jobs, launchd, and startup & login items.
- Specific Mac OS X malware examples and how they function, including Flashback, Crisis, Janicab, Yontoo, and rogue AV products.

Additionally, the Synack overview goes further and provides an open source script called KnockKnock, which displays all Mac OS X binaries that are set to execute upon system boot, potentially helping advanced users to examine and verify if anything shady is running on a Mac.
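As an added example (not the page's own code and not Synack's KnockKnock script), here is a small Python inventory of launchd daemon and agent jobs, one of the persistence locations listed above: it parses each job plist for the binary launchd will run and flags anything outside Apple-owned paths for review. The directory list and the Apple-path prefixes are assumptions, and the sample plist is constructed.

```python
# Inventory launchd persistence jobs in the spirit of KnockKnock (added example, not Synack's script).
import glob
import os
import plistlib

# Standard launchd job directories: daemons load at boot, agents at login (assumed list).
LAUNCHD_DIRS = ["/Library/LaunchDaemons", "/Library/LaunchAgents",
                os.path.expanduser("~/Library/LaunchAgents")]
# Binaries under these prefixes are treated as Apple-owned; anything else gets a review flag.
APPLE_PREFIXES = ("/System/", "/usr/bin/", "/usr/sbin/", "/usr/libexec/", "/bin/", "/sbin/")

def parse_launchd_plist(data):
    """Extract the persistence-relevant keys from one launchd job plist (bytes)."""
    try:
        job = plistlib.loads(data)
    except Exception:  # not a plist at all (garbage, truncated XML, ...)
        return None
    if not isinstance(job, dict):
        return None
    # launchd runs Program if present, otherwise ProgramArguments[0].
    args = job.get("ProgramArguments") or []
    program = job.get("Program") or (args[0] if args else None)
    return {"label": job.get("Label", "<no label>"), "program": program,
            "run_at_load": bool(job.get("RunAtLoad", False))}

def needs_review(program):
    """Flag a job whose binary is missing or lives outside Apple-owned paths."""
    return not program or not program.startswith(APPLE_PREFIXES)

def scan_launchd(dirs=LAUNCHD_DIRS):
    """Parse every .plist in the given directories; missing dirs simply yield nothing."""
    found = []
    for path in sorted(p for d in dirs for p in glob.glob(os.path.join(d, "*.plist"))):
        with open(path, "rb") as fh:
            job = parse_launchd_plist(fh.read())
        if job:
            job.update(path=path, review=needs_review(job["program"]))
            found.append(job)
    return found

# Constructed sample job: a non-Apple binary in a hidden folder, started at every login.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?><plist version="1.0"><dict>
<key>Label</key><string>com.example.updater</string>
<key>ProgramArguments</key><array><string>/Users/Shared/.cache/updater</string>
<string>--silent</string></array><key>RunAtLoad</key><true/></dict></plist>"""

if __name__ == "__main__":
    for job in scan_launchd():
        print("REVIEW" if job["review"] else "ok    ", job["label"], "->", job["program"])
```

Run on a Mac it lists every job in those directories; on any other system the directories are absent and it prints nothing.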
