/explore

Click through on any links that interest you or select the planets on the right to continue exploring the Outer Web.
You are here

blog.xpnsec.com
| | macops.ca
13.1 parsecs away

Travel
| | [AI summary] The post details a technical method for system administrators to monitor Apple's XProtect meta feed changes using command-line tools to handle updated malware definitions and plugin requirements.
| | truesecdev.wordpress.com
12.6 parsecs away

Travel
| | Background and acknowledgement This full disclosure is based on my discovery of a privilege escalation vulnerability in Apple OS X called rootpipe. Read my full disclosure on rootpipe here for some background info. Big thanks to Patrick Wardle who inspired me to start new investigations, by saying that he found a way to re-abuse rootpipe...
| | knight.sc
13.9 parsecs away

Travel
| | Recently while looking into the Apple adid daemon, I noticed that I couldn't attach to the process with lldb even if SIP was completely disabled. After digging into it a little bit I came to the conclusion that adid was calling the ptrace API passing in PT_DENY_ATTACH. There are numerous other posts out there (like this one) that talk about defeating PT_DENY_ATTACH if you're running the application yourself. In my case adid is started as a LaunchDaemon and is already running by the time a user is logged in. I decided to take a look at how you could defeat the ptrace call even after the application is already running.
| | blog.ostanin.org
18.8 parsecs away

Travel
| I always wanted to have an always-on Mac OS X machine which I could run Jenkins on to build and test iOS apps. While I have an old MacBook Pro I could use, I'd rather not have another computer running 24?7, especially one which would receive so little use. While OS X runs in VMWare (with some hacks) and VirtualBox, it can also run on KVM with a few patches thanks to Gabriel Somlo's excellent work.