DEF CON 27 - Patrick Wardle - Harnessing Weapons of Mac Destruction
1,178
Published 2019-12-05
We'll begin this talk by discussing the methodology of subverting existing malware for "personal use", highlighting both the challenges and benefits of such an approach.
Next, we'll walk-thru the weaponization of various Mac malware specimens, including an interactive backdoor, a file-exfiltration implant, ransomware, and yes, even adware. Customizations include various runtime binary modifications that will coerce such malware to accept tasking from our own C&C servers, and/or automatically perform actions on our behalf.
Of course, in their pristine state, such samples are currently detected by AV products. As such we'll also walk-thru subtle modifications that will ensure our modified tools remains undetected by traditional detection approaches.
In conclusion, we'll highlight novel heuristic methods that can generically detect such threats to ensure Mac users remain protected even from such weaponized threats.