Hiding from the Investigator: Understanding OS X and iOS Code Signing to Hide Data

ShmooCon XII - 2016

Presented by: Joshua Pitts
Date: Friday January 15, 2016
Time: 18:00 - 18:25
Location: One Track Mind

To hide data from the forensic practitioner you need to exploit a gap in their knowledge, their processes, and/or their tools. This is a talk about all three with regard to Apple OS X and iOS code signing. Much research has been conducted around code signing with respect to preventing malicious code execution at binary load time. This talk is strictly about forensics, binary tampering, and data smuggling.

Joshua Pitts

Josh Pitts (@midnite_runr) likes to write code that patches code with other code via The Backdoor Factory. Sometimes this leads to the discovery of funny bugs and to Russians patching stuff over the Internet. He has worked for the military, the US government, private consulting, and startups doing pentesting, defending networks, designing secure systems, and breaking security products.

