mac osx逆向工程_mac os逆向-CSDN博客

Mac OS X

YEAR	NAME	AUTHOR(S)	CONFERENCE
2003
	Dynamically Overriding Mac OS X	Jonathan Rentzsch	N/A
	A Debugger with Gui in OS X	Ivan Krizsan	N/A
2004
	Practical Mac OS X Insecurity	Angelo Laub	CCC
2005
	MacOS Kernel Insecurity	Ilja van Sprundel & Christian Klein	N/A
	Infecting the Mach-O Object Format	Nemo	N/A
	Hacking Mac OS X Kernel for unsupported machines	Ryan Rempel	N/A
	FireWire: All your memory are belong to us	Michael Becher & Maximillian Dornseif & Christian N. Klein	Cansecwest
2006
	Breaking Mac OS X	Nemo, Ilja van Sprundel	N/A
	Abusing Mach on Mac OS X	Nemo	N/A
	Hit by a Bus: Physical Access Attacks with Firewire	Adam Boileau	Ruxcon
	Hardware Virtualization Rootkits	Dino Dai Zovi	BlackHat
	Discovering Mac OS X Weaknesses	Jay Beale	Def Con 14
2007
	Hacking Leopard	Charlie Miller & Jake Honoroff	N/A
	Inside the Mac OS X Kernel	Lucy	24C3 2007
2008
	Hacking OS X	Charlie Miller	BH Japan 08
	Dtrace The Reverse Engineer’s Unexpected Swiss Army Knife	Tiller Beauchamp & David Weston	BH US 08
	iRK – Crafting OS X Kernel Rootkits	Jesse D’Aguanno	BH US 08
	RETrace – Applied Reverse Engineering on OS X	Tiller Beauchamp & David Weston	Defcon 16
	Under the iHood	Cameron Hotchkies	Recon 2008
	Covering the tracks on Mac OS X Leopard	Charles Scott	N/A
	OS X Rootkits – the next level	Alfredo Pesoli	LaCon 2008
	How the Leopard hides his spots	The Gruqq	HITB KL
2009
	Advanced Mac OSX Rootkits (paper)	Dino Dai Zovi	N/A
	Advanced Mac OS X Rootkits	Dino Dai Zovi	N/A
	Runtime Kernel Patching on OS X	Bosse Eriksson	Defcon 17
	Mac OS Xploitation	Dino Dai Zovi	N/A
	Dynamic Tracing for Exploitation and Fuzzing	Tiller Beauchamp & David Weston	Shakacon 2009
	Mac OS X Malware Analysis	Joel Yonts	N/A
	Objective-c Internals	André Pang	N/A
	Hacking Macs for Fun and Profit	Dino Dai Zovi & Charlie Miller	CSW 2009
	Mac OS Xploitation	Dino Dai Zovi	Source 2009
	Debugging Cocoa with DTrace	Colin Wheeler	N/A
	Let your Mach-O fly	Vincenzo Iozzo	BH DC 09
	Dynamically Overriding Mac OS X – Down the Rabbit Hole	Jonathan Rentzsch	N/A
	Encryption Wrapper on OSX.pdf	Unknown	N/A
2010
	Function hooking for OSX and Linux	Joe Damato	N/A
	Mac Os X Hacking Snow Leopard edition	Charlie Miller	N/A
	Advanced Mac OS X Physical Memory Analysis	Matthieu Suiche	BH DC 2010
	Advanced Mac OS X Physical Memory Analysis (paper)	Matthieu Suiche	BH DC 2010
	Post exploitation techniques on OSX and Iphone	Vincenzo Iozzo	EUSecwest
	Programacion de rootkits en Mac OS X.pdf	Fernando López Hernández	N/A
	Hacking at Mach speed	Dino Dai Zovi	N/A
	Mac OS X Return Oriented Exploitation	Dino Dai Zovi	N/A
	Having Fun with Apples IOKit	Ilja van Sprundel	N/A
2011
	Defiling Mac OS X Kernel Rootkits	Snare	Ruxcon 2011
	Hacking at Mach2	Dino Dai Zovi	N/A
	The Apple Sandbox (paper)	Dionysus Blazakis	BH DC 2011
	The Apple Sandbox	Dionysus Blazakis	BH DC 2011
	Battery Firmware Hacking	Charlie Miller	N/A
	Macs in the Age of APT	iSEC Partners	BH USA 2011
	Protecting the core – Kernel Exploitation mitigations	Patroklos Argyroudis & Dimitris Glynos	BH EU 2011
	Protecting the core – Kernel Exploitation mitigations (paper)	Patroklos Argyroudis & Dimitris Glynos	BH EU 2011
2012
	Syscan12 – DE MYSTERIIS DOM JOBSIVS: MAC EFI ROOTKITS	Snare	Syscan Singapore 12
	Hack Mac OS X – Tips and tricks for Mac OS X hack	sud0man	GSDays 2012
	Ruxcon – DE MYSTERIIS DOM JOBSIVS: MAC EFI ROOTKITS	Snare	Ruxcon
	How to re-engineer OSX to behave the way you want	Stephen Sykes	CodeBits 2012
	Mac Memory Analysis with Volatility	Andrew Case	DFIR Summit
	OS/X Flashback	ESET	N/A
	When Macs Get Hacked	Sarah Edwards	DFIR Summit
	Analysis & Correlation of Mac Logs	Sarah Edwards	DFIR Summit
	Infiltrate the Vault – Security Analysis and Decryption of Lion Full Disk Encryption	Omar Choudary & Felix Grobert & Joachim Metz	N/A
	FORENSIC MEMORY ANALYSIS FOR APPLE OS X	Andrew F. Hay	N/A
	EFI Rootkits	Andreas Galauner	SIGINT
	DE MYSTERIIS DOM JOBSIVS Mac EFI Rootkits (paper)	Snare	Black Hat
	DE MYSTERIIS DOM JOBSIVS Mac EFI Rootkits	Snare	Black Hat
	FLASHBACK OS X MALWARE (paper)	Broderick Ian Aquilino	VB2012
	FLASHBACK OS X MALWARE	Broderick Ian Aquilino	VB2012
	Backdoor.Flashback (Russian)	Dr Web	N/A
	Mac OS X Malware Overview (Russian)	Ivan Sorokin	ZeroNights
	XNU: A security evaluation	Daan Keuper
2013
	Destructive DTrace	Nemo	Infiltrate13
	Revisiting Mac OS X Kernel Rootkits	fG!	SyScan13
	Mountain Lion and iOS Vulnerabilities Garage Sale	Stefan Esser	SyScan13
	Mountain Lion and iOS Vulnerabilities Garage Sale (whitepaper)	Stefan Esser	SyScan13
	OS X Hardening – Mountain Lion 10.8	ERNW	N/A
	Ninjas and Harry Potter – “Spell”unking in Apple SMC land	Alex Ionescu	No Such Con
2014
	Reverse Engineering Mac Malware	Sarah Edwards	BsidesNoLA
	Methods of Malware Persistence on OS X Mavericks	Patrick Wardle	Shakacon
	Methods of Malware Persistence on OS X Mavericks	Patrick Wardle	VB2014 Seattle
	OS X Yosemite Artifacts – Call history and SMS analysis	nofate	N/A
	BadXNU – A rotten apple!	fG!	CODE BLUE
	In lieu of swap: Analyzing compressed RAM in Mac OS X and Linux	Andrew Case, Golden G. Richard III	DFRWS
2015
	Fuzzing OS X at Scale	Ben Nagy	Infiltrate
	Mac OS X Forensics	Joaquin Moreno Garijo	N/A
	Unauthorized Cross-App Resource Access on MAC OS X and iOS	Various Authors	N/A
	WRITING BAD @$$ MALWARE FOR OS X	Patrick Wardle	Infiltrate
	WRITING BAD @$$ MALWARE FOR OS X	Patrick Wardle	BlackHat US
	DYLIB HIJACKING ON OS X	Patrick Wardle	Virus Bulletin
	Exposing Gatekeeper	Patrick Wardle	VB2015 Prague
	Thunderstrike 2: Sith Strike (draft version, briefly available)	Trammmell Hudson, Corey Kallenberg & Xeno Kovah	BlackHat US
	Thunderstrike 2: Sith Strike (final version)	Trammmell Hudson, Corey Kallenberg & Xeno Kovah	BlackHat US
	Thunderstrike 2: Sith Strike – A MacBook firmware worm	Trammmell Hudson, Corey Kallenberg & Xeno Kovah	HITB GSEC
	Is there an EFI monster inside your apple?	fG!	44CON
	Is there an EFI monster inside your apple?	fG!	SyScan360 Beijing
	Is there an EFI monster inside your apple?	fG!	CODE BLUE
	OS X Kernel is As Strong as its Weakest Part	Liang Chen and ShuaiTian Zhao	POC
	BadXNU – A rotten apple!	fG!	SyScan
	Is there an EFI monster inside your apple?	fG!	No cON Name
	BadXNU – A rotten apple!	fG!	No cON Name
	IPv6 Hardening Guide for OS-X	ERNW	N/A
	DTrace + OS X = Fun	Andrezj Dyjak	Confidence
	Advancing Mac OS X rootkit detection	Andrew Case, Golden G. Richard III	DFRWS
	Code Signing – Hashed Out	Jonathan Levin	RSA
2016
	Memory Corruption is for Wussies!	fG!	SyScan360 Singapore

iOS

YEAR	NAME	AUTHOR(S)	CONFERENCE
2008
	Primer on Reversing Jailbroken iPhone Native Applications	Shub-Nigurrath	N/A
2009
	Fun and Games with Mac OS X and iPhone Payloads	Charlie Miller & Vicenzo Iozzo	BH EU 2009
	Patching Applications from Apple AppStore with additional protection	Reilly	N/A
2010
	iPhone Rootkit? There’s an App for that!	Eric Monti	ToorCon 2010
	iPhone security model & vulnerabilities	Cedric Halbronn & Jean Sigwald	HITB SecConf 2010
	iPhone Privacy	Nicolas Seriot	BH DC 2010
	Adding ASLR to jailbroken iPhones	Stefan Esser	POC 2010
2011
	iNception – Planting and Extracting Sensitive Data From Your iPhone’s Subconscious	Laurent Oudot	HITB Amsterdam
	iPhone Data Protection in Depth	Jean-Baptiste Bédrune & Jean Sigwald	N/A
	Auditing iPhone and iPad applications	Ilja van Sprundel	N/A
	Practical Consideration of iOS Device Encryption Security	Jens Heider & Matthias Boll	N/A
	Apple iOS 4 Security Evaluation	Dino Dai Zovi	BH US 2011
	Apple iOS 4 Security Evaluation (paper)	Dino Dai Zovi	BH US 2011
	OVERCOMING iOS DATA PROTECTION TO RE-ENABLE iPHONE FORENSICS	Andrey Belenko	BH US 2011
	OVERCOMING iOS DATA PROTECTION TO RE-ENABLE iPHONE FORENSICS (paper)	Andrey Belenko	BH US 2011
	Exploiting the iOS Kernel	Stefan Esser	BH US 2011
	Exploiting the iOS Kernel (paper)	Stefan Esser	BH US 2011
	iPhone Exploitation – One ROPe to Bind Them All?	Stefan Esser	HITB Malaysia 2011
	iPhone Espionage	Keith Lee	N/A
	Antid0te 2.0 – ASLR in iOS	Stefan Esser	HITB Amsterdam
	Targeting The IOS Kernel	Stefan Esser	SysScan11 Singapore
	Baseband Playground	Luis Miras	Ekoparty 7
	Dont Hassle the Hoff : Breaking iOS code signing	Charlie Miller	Syscan11 Taipei
	iOS Kernel Exploitation, IOKit Edition	Stefan Esser	SyScan11 Taipei
	Secure Development on iOS	David Thiel	PacSec 2011
	An analysis on iOS Jailbreak	Huang Heqing	N/A
	An analysis on iOS Jailbreak (presentation)	Huang Heqing	N/A
	Evolution of iOS Data Protection and iPhone Forensics: from iPhone OS to iOS 5	Andrey Belenko & Dmitry Sklyarov	BH Abu Dhabi 2011
	iOS applications reverse engineering	Julien Bachmann	SCS 2011
	Apple iPad In the Work Place	Russ Spooner	N/A
	Attacking and Defending Apple iOS Devices in the Enterprise	Tom Eston	N/A
	Writing secure iOS applications	Ilja van Sprundel	N/A
2012
	iOS5 An Exploitation Nightmare?	Stefan Esser	CanSecWest 2012
	iOS Application (In)Security	Dominic Chell	OWASP Ireland
	iOS Application (In)Security (paper)	MDSec	N/A
	iOS Applications – Different Developers Same Mistakes	Paul Craig	Syscan12 Singapore
	iOS Kernel Heap Armageddon	Stefan Esser	Syscan12 Singapore
	Evaluating iOS Applications	MDSec	OWASP Manchester
	“Secure Password Managers” and “Military-Grade Encryption” on Smartphones: Oh, Really?	Andrey Belenko & Dmitry Sklyarov	BH EU 2012
	“Secure Password Managers” and “Military-Grade Encryption” on Smartphones: Oh, Really? (paper)	Andrey Belenko & Dmitry Sklyarov	BH EU 2012
	Corona Jailbreak for iOS 5.0	Jailbreak Dream Team	HiTB Amsterdam
	Corona Jailbreak for iOS 5.0.1	Jailbreak Dream Team	HiTB Amsterdam
	Absinthe Jailbreak for iOS 5.0.1	Jailbreak Dream Team	HiTB Amsterdam
	iOS 6 Security: A Hacker’s Guide	Mark Dowd & Tarjei Mandt	HiTB KL
	Find Your Own iOS Kernel Bug	Xu Hao & Xiabo Chen	POC
	Practical iOS Apps hacking (paper)	Mathieu Renard	GreHack
	Defending Data on iOS	Securosis, LLC	N/A
	Jailbreaking Techniques	pod2g	WWJC
	Downgrading iOS: SHSH Blobs & APTickets	iH8sn0w	WWJC
	A Close-Up on Jailbreaking and Tweak Development	Nikias Bassen	WWJC
	iOS applications auditing	Julien Bachmann	AppSec Forum
	Pentesting iOS Apps: Runtime Analysis and Manipulation	Andreas Kurtz	DeepSec
	Practical iOS Apps hacking (slides)	Mathieu Renard	GreHack
	Hacking iOS Applications	Mathieu Renard	Hack.lu
2013
	Attacking the iOS Kernel: A Look at ‘evasi0n’	Tarjei Mandt	NIS
	Swiping Through Modern Security Features	evad3rs	HiTB Amsterdam
	Blackbox analysis of iOS apps	Dmitry Evdokimov	Zero Nights
2014
	Identifying Back Doors, Attack Points, and Surveillance Mechanisms in iOS Devices	JONATHAN ZDZIARSKI	HOPE/X
	Reversing iOS Apps – a practical approach	Patrick Wardle	T2
	Exploiting Unpatched iOS Vulnerabilities for Fun and Profit	Various Authors	N/A
	idb – iOS Blackbox Pentesting	Daniel A. Mayer	ShmooCon
	Exploring and Exploiting  iOS Web Browsers	Lukasz Pilorz, Marek Zmyslowski	HITB Amsterdam
2015
	iOS 678 Security  – Study in Fail	Stefan Esser	SyScan
	Optimized Fuzzing IOKIT in iOS	Lei Long	BlackHat US
	Optimized Fuzzing IOKIT in iOS (paper)	Lei Long	BlackHat US
	Review and Exploit Neglected Attack Surface in iOS 8	Pangu Team	BlackHat US
	Hacking from iOS 8 to iOS 9	Pangu Team	RUXCON/POC

Firmware

YEAR	NAME	AUTHOR(S)	CONFERENCE
2012
	New Results for Timing-Based Attestation	Xeno Kovah, Corey Kallenberg, Chris Weathers, Amy Herzog, Matthew Albin, John Butterworth	2012 IEEE Symposium on Security and Privacy
	No More Hooks: Trustworthy Detection of Code Integrity Attacks	Xeno Kovah, Corey Kallenberg, Chris Weathers, Amy Herzog, Matthew Albin, John Butterworth	DefCon 20
2013
	BIOS Chronomancy: Fixing the Core Root of Trust for Measurement	John Butterworth, Xeno Kovah, Corey Kallenberg	BlackHat US
	BIOS Chronomancy: Fixing the Core Root of Trust for Measurement (paper)	John Butterworth, Xeno Kovah, Corey Kallenberg	BlackHat US
2014
	All Your Boot Are Belong To Us	Yuriy Bulygin, Andrew Furtak, Oleksandr Bazhaniuk, John Loucaides	CanSecWest
	All Your Boot Are Belong To Us	Corey Kallenberg, Xeno Kovah, John Butterworth, Sam Cornwell	CanSecWest
	Attacks on UEFI Security	Rafal Wojtczuk, Corey Kallenberg	31c3
	Attacking UEFI Boot Script	Rafal Wojtczuk, Corey Kallenberg	31c3
	Copernicus 2: SENTER the Dragon!	Corey Kallenberg, Xeno Kovah, John Butterworth, Sam Cornwell	CanSecWest
	SENTER Sandman: Using Intel TXT to Attack BIOSes	Corey Kallenberg, Xeno Kovah, John Butterworth, Sam Cornwell	HITB
	SENTER Sandman: Using Intel TXT to Attack BIOSes (paper)	Corey Kallenberg, Xeno Kovah, John Butterworth, Sam Cornwell	HITB
	Defeating Signed BIOS Enforcement	Corey Kallenberg, Xeno Kovah, John Butterworth, Sam Cornwell	N/A
	Analyzing UEFI BIOS from Attacker & Defender Viewpoints	Corey Kallenberg, Xeno Kovah, John Butterworth, Sam Cornwell	BlackHat EU
	Into the Unknown: How to Detect BIOS-level attackers	Corey Kallenberg, Xeno Kovah, John Butterworth, Sam Cornwell	VB 2014
	Into the Unknown: Assessing your BIOS vulnerabilities	Corey Kallenberg, John Butterworth, Sam Cornwell, Bob Heinemann	MIRcon
	Extreme Privilege Escalation on Windows 8/UEFI Systems	Corey Kallenberg, Xeno Kovah, John Butterworth, Sam Cornwell	BlackHat US
	Extreme Privilege Escalation on Windows 8/UEFI Systems (paper)	Corey Kallenberg, Xeno Kovah, John Butterworth, Sam Cornwell	BlackHat US
	Setup For Failure: Defeating Secure Boot	Corey Kallenberg, Xeno Kovah, John Butterworth, Sam Cornwell	SyScan
	Setup For Failure: Defeating Secure Boot (paper)	Corey Kallenberg, Xeno Kovah, John Butterworth, Sam Cornwell	SyScan
2015
	BIOS Necromancy: Utilizing “Dead Code” for BIOS Attacks	Corey Kallenberg & Xeno Kovah	HITB GSEC
	Betting BIOS Bugs Won’t Bite Y’er Butt?	Corey Kallenberg & Xeno Kovah	ShmooCon
	How Many Million BIOSes Would you Like to infect?	Corey Kallenberg & Xeno Kovah	CanSecWest
	How Many Million BIOSes Would you Like to infect? (paper)	Corey Kallenberg & Xeno Kovah	CanSecWest
	Are you giving firmware attackers a free pass?	Corey Kallenberg & Xeno Kovah	RSA