Skip to Content
The Mac Hacker's Handbook
book

The Mac Hacker's Handbook

by Charlie Miller, Dino Dai Zovi
March 2009
Intermediate to advanced
384 pages
9h 32m
English
Wiley
Content preview from The Mac Hacker's Handbook

Chapter 12

Rootkits

OK, you got root; now what? So far, this book has discussed how to find vulnerabilities in computers running Mac OS X and how to exploit these holes to run code of your choosing. The last couple of chapters detailed some interesting payloads to run on victims’ computers. In this final chapter we move from controlling the user space to controlling the entire operating system by running code in the kernel. Code running within the kernel has no restrictions and can make fundamental changes to the way the operating system behaves. This allows the attacker to hide files, processes, and network connections from the normal system-administration tools. This ability makes discovering the compromise extremely difficult and makes cleaning up from the attack even more difficult.

Kernel Extensions

Rootkits are pieces of code that allow an attacker to hide their presence from the victim. They can hide files, processes, and network connections. They often come with modules that provide persistent access (backdoor) and network and keyboard sniffers. Most of these activities can be done, in one form or another, by user-space programs. Early rootkits simply modified programs like ls to change their output to suit the attacker. Such rootkits are easily discovered, and more advanced versions, like the ones outlined in this chapter, rely on running code in the kernel to change the fundamentals of the operating system itself.

Kernel extensions allow dynamic kernel-level code to ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

AirBnbBlueOriginElectronic ArtsHomeDepotNasdaqRakutenTata Consultancy Services
QuotationMarkO’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.
Julian F.
Head of Cybersecurity
QuotationMarkI wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.
Addison B.
Field Engineer
QuotationMarkI’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.
Amir M.
Data Platform Tech Lead
QuotationMarkI'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
Mark W.
Embedded Software Engineer

You might also like

iOS Hacker's Handbook

iOS Hacker's Handbook

Ralf-Philipp Weinmann, Charlie Miller, Stefan Esser, Dino DaiZovi, Vincenzo Iozzo, Dion Blazakis
The Hacker's Guide to OS X

The Hacker's Guide to OS X

Alijohn Ghassemlouei, Robert Bathurst, Russ Rogers
Hacking and Securing iOS Applications
The Browser Hacker's Handbook

The Browser Hacker's Handbook

Wade Alcorn, Christian Frichot, Michele Orru

Publisher Resources

ISBN: 9781118080337Purchase book