Overview
Explore advanced techniques for reflective code loading on macOS in this security conference talk, which examines how sophisticated malware executes payloads directly from memory to evade detection. Learn about the historical methods of reflective code loading on macOS that used the native loader APIs, and discover how Apple's quiet modifications to those APIs enforced strictly file-based loading, a security enhancement that largely went unnoticed by malware authors. Examine real-world examples of malware that previously relied on these now-obsolete reflective loading techniques, and understand why some samples continue to use them.

The talk then presents several approaches to re-enabling reflective loading, including a deceptively simple technique that leverages Apple's own loader, demonstrating that reflective code loading remains viable even on the latest macOS versions, 15 and 26. A complete proof-of-concept implementation will be made available alongside the presentation. Finally, develop defensive strategies to detect and mitigate reflective code loading, and understand the significant challenges this technique poses for security professionals.

The speaker is Patrick Wardle, founder of the Objective-See Foundation and author of "The Art of Mac Malware" book series, who brings extensive experience from his NASA and NSA backgrounds along with deep expertise in macOS security research and Apple zero-day discovery.
Syllabus
Restoring Reflective Code Loading on macOS - Patrick Wardle
Taught by
Ekoparty Security Conference