{"id":1025,"date":"2009-08-13T09:07:42","date_gmt":"2009-08-13T08:07:42","guid":{"rendered":"http:\/\/blog.intego.com\/?p=1025"},"modified":"2009-08-13T09:07:42","modified_gmt":"2009-08-13T08:07:42","slug":"mac-os-x-rootkit-tools-released","status":"publish","type":"post","link":"https:\/\/www.intego.com\/mac-security-blog\/mac-os-x-rootkit-tools-released\/","title":{"rendered":"Mac OS X Rootkit Tools Released"},"content":{"rendered":"<p>Security researcher Dino Dai Zovi <a href=\"http:\/\/blog.trailofbits.com\/2009\/08\/10\/advanced-mac-os-x-rootkits\/\">has released<\/a> a set of advanced rootkit tools for Mac OS X. This follows his recent presentation at Black Hat, which &#8220;covered a number of Mach-based rootkit tools and techniques including user-mode Mach-O bundle injection, Mach RPC proxying, in-kernel RPC server injection\/modification, and kernel rootkit detection.&#8221;<\/p>\n<p>Dai Zovi says, &#8220;These tools are deliberately released as \u2018non-hostile\u2019\u00a0proof-of-concept tools that are meant to demonstrate techniques and are\u00a0not suitable for use in actual rootkits or attack tools.\u00a0The IM and\u00a0SSL logging bundles log to the local system\u2019s disk in an obvious\u00a0fashion and Machiavelli opens up the controlling host to some obvious\u00a0attacks.\u00a0The non-Machiavelli version of inject-bundle, however, is\u00a0fully functional and useful for a variety of system-level tasks.\u00a0Using the other tools outside of a closed network or test virtual\u00a0machine is not recommended.&#8221; <\/p>\n<p>While this is true, in the wrong hands such tools can be used for malicious purposes. As is often the case with such &#8220;proof-of-concept&#8221; tools, you don&#8217;t need to go very far to find users who have different goals. 
We&#8217;ll be keeping a close eye on this.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Security researcher Dino Dai Zovi<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13],"tags":[],"class_list":["post-1025","post","type-post","status-publish","format-standard","category-security-privacy"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Mac OS X Rootkit Tools Released  - The Mac Security Blog<\/title>\n<meta name=\"description\" content=\"Security researcher Dino Dai Zovi\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.intego.com\/mac-security-blog\/mac-os-x-rootkit-tools-released\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Mac OS X Rootkit Tools Released  - The Mac Security Blog\" \/>\n<meta property=\"og:description\" content=\"Security researcher Dino Dai Zovi\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.intego.com\/mac-security-blog\/mac-os-x-rootkit-tools-released\/\" \/>\n<meta property=\"og:site_name\" content=\"The Mac Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2009-08-13T08:07:42+00:00\" \/>\n<meta name=\"author\" content=\"Peter James\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Peter James\" \/>\n<script type=\"application\/ld+json\" 
class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/mac-os-x-rootkit-tools-released\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/mac-os-x-rootkit-tools-released\\\/\"},\"author\":{\"name\":\"Peter James\",\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/#\\\/schema\\\/person\\\/d0c16bd0a4dd8f82d91204f400c8d116\"},\"headline\":\"Mac OS X Rootkit Tools Released\",\"datePublished\":\"2009-08-13T08:07:42+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/mac-os-x-rootkit-tools-released\\\/\"},\"wordCount\":11,\"publisher\":{\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/#organization\"},\"articleSection\":[\"Security &amp; Privacy\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/mac-os-x-rootkit-tools-released\\\/\",\"url\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/mac-os-x-rootkit-tools-released\\\/\",\"name\":\"Mac OS X Rootkit Tools Released - The Mac Security Blog\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/#website\"},\"datePublished\":\"2009-08-13T08:07:42+00:00\",\"description\":\"Security researcher Dino Dai 
Zovi\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/mac-os-x-rootkit-tools-released\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/mac-os-x-rootkit-tools-released\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/mac-os-x-rootkit-tools-released\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Mac OS X Rootkit Tools Released\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/#website\",\"url\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/\",\"name\":\"The Mac Security Blog\",\"description\":\"Keep Macs safe from the dangers of the Internet\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/#organization\",\"name\":\"Intego\",\"url\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/wp-content\\\/uploads\\\/2022\\\/10\\\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"contentUrl\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/wp-content\\\/uploads\\\
/2022\\\/10\\\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png\",\"width\":875,\"height\":875,\"caption\":\"Intego\"},\"image\":{\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/#\\\/schema\\\/person\\\/d0c16bd0a4dd8f82d91204f400c8d116\",\"name\":\"Peter James\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/02040a1b56c0554236733a69e59ffeacde3aff8b1d8fb9818a2b71ebbc0e2484?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/02040a1b56c0554236733a69e59ffeacde3aff8b1d8fb9818a2b71ebbc0e2484?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/02040a1b56c0554236733a69e59ffeacde3aff8b1d8fb9818a2b71ebbc0e2484?s=96&d=mm&r=g\",\"caption\":\"Peter James\"},\"url\":\"https:\\\/\\\/www.intego.com\\\/mac-security-blog\\\/author\\\/peter\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Mac OS X Rootkit Tools Released  - The Mac Security Blog","description":"Security researcher Dino Dai Zovi","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.intego.com\/mac-security-blog\/mac-os-x-rootkit-tools-released\/","og_locale":"en_US","og_type":"article","og_title":"Mac OS X Rootkit Tools Released  - The Mac Security Blog","og_description":"Security researcher Dino Dai Zovi","og_url":"https:\/\/www.intego.com\/mac-security-blog\/mac-os-x-rootkit-tools-released\/","og_site_name":"The Mac Security Blog","article_published_time":"2009-08-13T08:07:42+00:00","author":"Peter James","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Peter James"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.intego.com\/mac-security-blog\/mac-os-x-rootkit-tools-released\/#article","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/mac-os-x-rootkit-tools-released\/"},"author":{"name":"Peter James","@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/d0c16bd0a4dd8f82d91204f400c8d116"},"headline":"Mac OS X Rootkit Tools Released","datePublished":"2009-08-13T08:07:42+00:00","mainEntityOfPage":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/mac-os-x-rootkit-tools-released\/"},"wordCount":11,"publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"articleSection":["Security &amp; Privacy"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.intego.com\/mac-security-blog\/mac-os-x-rootkit-tools-released\/","url":"https:\/\/www.intego.com\/mac-security-blog\/mac-os-x-rootkit-tools-released\/","name":"Mac OS X Rootkit Tools Released - The Mac Security 
Blog","isPartOf":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#website"},"datePublished":"2009-08-13T08:07:42+00:00","description":"Security researcher Dino Dai Zovi","breadcrumb":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/mac-os-x-rootkit-tools-released\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.intego.com\/mac-security-blog\/mac-os-x-rootkit-tools-released\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.intego.com\/mac-security-blog\/mac-os-x-rootkit-tools-released\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.intego.com\/mac-security-blog\/"},{"@type":"ListItem","position":2,"name":"Mac OS X Rootkit Tools Released"}]},{"@type":"WebSite","@id":"https:\/\/www.intego.com\/mac-security-blog\/#website","url":"https:\/\/www.intego.com\/mac-security-blog\/","name":"The Mac Security Blog","description":"Keep Macs safe from the dangers of the Internet","publisher":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.intego.com\/mac-security-blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.intego.com\/mac-security-blog\/#organization","name":"Intego","url":"https:\/\/www.intego.com\/mac-security-blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","contentUrl":"https:\/\/www.intego.com\/mac-security-blog\/wp-content\/uploads\/2022\/10\/intego-organization-logo-for-google-knowledge-graph-875x875-1.png","width":875,"height":875,"caption
":"Intego"},"image":{"@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.intego.com\/mac-security-blog\/#\/schema\/person\/d0c16bd0a4dd8f82d91204f400c8d116","name":"Peter James","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/02040a1b56c0554236733a69e59ffeacde3aff8b1d8fb9818a2b71ebbc0e2484?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/02040a1b56c0554236733a69e59ffeacde3aff8b1d8fb9818a2b71ebbc0e2484?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/02040a1b56c0554236733a69e59ffeacde3aff8b1d8fb9818a2b71ebbc0e2484?s=96&d=mm&r=g","caption":"Peter James"},"url":"https:\/\/www.intego.com\/mac-security-blog\/author\/peter\/"}]}},"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/www.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/1025","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/comments?post=1025"}],"version-history":[{"count":0,"href":"https:\/\/www.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/posts\/1025\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/media?parent=1025"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/categories?post=1025"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.intego.com\/mac-security-blog\/wp-json\/wp\/v2\/tags?post=1025"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}