Title: You Can’t See Me: A Mac OS X Rootkit Uses the Tricks You Haven’t Known Yet
Post by: HCK on September 26, 2023, 04:05:22 pm
During their presentation at Black Hat Asia 2014, Team T5 researchers Sung-ting Tsai and Ming-chieh Pan demonstrate some tricks for advanced process hiding in Mac OS X. In essence, this is activity powered by a rootkit, such as Rubilyn, which can make an arbitrary process not visible in the standard way. TT and Nanika also highlight methods for direct kernel task access and gaining root permission.

Source: You Can’t See Me: A Mac OS X Rootkit Uses the Tricks You Haven’t Known Yet (https://macsecurity.net/view/73-you-cant-see-me-a-mac-os-x-rootkit-uses-the-tricks-you-havent-known-yet)