Tag Archives: osx

A high-level evaluation of the OpenBSM audit system in OS X

One of the BSD legacy security mechanisms included with OS X is OpenBSM. This is an audit mechanism. In contrast, TrustedBSD (also included with OS X) is a mandatory access control mechanism which can block system calls based on some …


Disabling revoked cert checking for malware research on OS X

Malware research involves running malware samples, typically in VMs. Because developer codesigning certificates are trivial to acquire in the Apple ecosystem, OS X malware samples are very often code signed. When malware is discovered, Apple can and often does revoke …


libproc for process listing on OSX

On OSX, if you need to manage other processes, a sensible place to start is the NSRunningApplication class. You can instantiate one of these with a pid: An NSRunningApplication object has, amongst other things, the following properties: executableURL, bundleURL, bundleIdentifier. That …
