Felix Seele



Dissecting Rotten Apples – macOS Malware Analysis


Contrary to what Apple wants you to believe, the Mac is not immune to malware or free of bugs. Security researchers have repeatedly found sometimes cringeworthy bugs that completely compromise the security of the operating system. Also, macOS malware is on the rise in terms of quantity and quality with recent samples becoming more sophisticated and evasive.

The first part of the talk will give an introduction to the macOS operating system from a malware analyst’s perspective. We will explain the unique architecture of the macOS “XNU” kernel and its userspace components, show how inter-process communication is implemented, and discuss which specific challenges the Objective-C programming language introduces for program analysis. In the second part, we will focus on real-world samples and demonstrate some common behavior patterns and techniques used by macOS malware.


Felix Seele (VMRay, https://twitter.com/c1truz_)

Felix works as a Software Engineer at VMRay, where he develops hypervisor-based malware analysis solutions for macOS and Windows. He started programming by teaching himself Objective-C in high school to write Phone applications. Later, he found his way into malware research and received a master’s degree in IT Security at Ruhr-Universität Bochum, Germany. In his free time, Felix enjoys climbing, photography and cooking spicy food.

Copyright © 2023 | Nullcon India | International Security Conference | All Rights Reserved