Abstract: DTrace, an instrumentation framework present on Mac OS X, Solaris and TrustedBSD, has long been a tool for system administrators and developers alike to investigate and debug their applications and platform. However, it can also be used by an attacker as a means of cloaking their presence on the system. This talk will discuss the implementation of a fully functional rootkit via DTrace probes. It will also look at ways of making detection of the rootkit more difficult.