Thursday, May 3, 2012

Mac OS X Infector and Research Resources/Links

These are links and resources that one of my friends, Sandeep, collected for his research and shared with me. Most of them are worth reading. I hope this helps someone somewhere gain some knowledge!

HTE -- File manipulator

Mach-O filetype and infection methods

Same idea, different author

Method Swizzling (on OS X you can remap the mapping from a method name to its implementation code)

Class Posing!

OS-X Tools:
otool -- Object File Displaying Tool

gdb -- GNU Debugger (part of GCC)

gas -- host spoofing manager

libtool -- Create Libraries

file -- File Typer

ktrace -- Kernel Trace Logging for a process (system calls, name translations, signal processing, I/O)

dtrace -- Debugger/Tracer in 10.5+

kdump -- Kernel Dump Reader

class-dump -- Examines Objective-C runtime data in Mach-O files

Summary of other useful tools:

Other interesting links are most welcome; I can update the post with any that come in.