|
You are here |
blog.xpnsec.com | ||
| | | | |
macops.ca
|
|
| | | | | [AI summary] The post details a technical method for system administrators to monitor Apple's XProtect meta feed changes using command-line tools to handle updated malware definitions and plugin requirements. | |
| | | | |
truesecdev.wordpress.com
|
|
| | | | | Background and acknowledgement This full disclosure is based on my discovery of a privilege escalation vulnerability in Apple OS X called rootpipe. Read my full disclosure on rootpipe here for some background info. Big thanks to Patrick Wardle who inspired me to start new investigations, by saying that he found a way to re-abuse rootpipe... | |
| | | | |
knight.sc
|
|
| | | | | Recently while looking into the Apple adid daemon, I noticed that I couldn't attach to the process with lldb even if SIP was completely disabled. After digging into it a little bit I came to the conclusion that adid was calling the ptrace API passing in PT_DENY_ATTACH. There are numerous other posts out there (like this one) that talk about defeating PT_DENY_ATTACH if you're running the application yourself. In my case adid is started as a LaunchDaemon and is already running by the time a user is logged in. I decided to take a look at how you could defeat the ptrace call even after the application is already running. | |
| | | | |
blog.ostanin.org
|
|
| | | I always wanted to have an always-on Mac OS X machine which I could run Jenkins on to build and test iOS apps. While I have an old MacBook Pro I could use, I'd rather not have another computer running 24?7, especially one which would receive so little use. While OS X runs in VMWare (with some hacks) and VirtualBox, it can also run on KVM with a few patches thanks to Gabriel Somlo's excellent work. | ||