Earlier this year, Mandiant launched a new freeware tool: Memoryze
for the Mac™. The tool brings many of the features of Memoryze™ to the Apple® Macintosh platform, enabling
acquisition of memory images via the command line or a simple GUI.
We are excited to announce it now fully supports OS X 10.6-10.8.
Recently, OS X Mountain Lion added kernel Address
Space Layout Randomization (KASLR). It is a welcome security feature,
raising the bar for kernel exploitation. It also adds an extra
step to memory analysis. Previously, we could depend on
the paging tables IdlePML4 and IdlePDPT being at the same
physical memory location. With 10.8 and KASLR, those physical memory
addresses now hold BootPML4 and BootPDPT,
while IdlePML4 and IdlePDPT are randomized with ASLR. The boot
paging tables do not contain the full kernel virtual memory layout.
Since Memoryze for Mac does not depend on any symbol information, we
developed a mechanism to uniformly discover the randomized location
of the kernel paging tables.
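
Why an incomplete top-level table is not enough, as an added example (not Mandiant's code, and not the discovery mechanism mentioned above): a standard x86-64 four-level page walk over a raw physical image, where a sparse table fails to resolve a kernel virtual address that a complete table maps. The image contents, the table addresses and `SAMPLE_VA` are constructed for illustration.

```python
import struct

PRESENT = 1 << 0                # entry is valid
LARGE = 1 << 7                  # PS bit: PDPT/PD entry maps a 1 GiB / 2 MiB page
ADDR_MASK = 0x000FFFFFFFFFF000  # bits 51:12 of a paging entry
SAMPLE_VA = 0xFFFFFF8000200000  # constructed kernel-half virtual address

def read_entry(image, table_pa, index):
    """Read one 8-byte little-endian paging entry from a raw physical image."""
    off = table_pa + index * 8
    if off + 8 > len(image):
        return 0  # table outside the captured image: treat as not present
    return struct.unpack_from("<Q", image, off)[0]

def translate(image, pml4_pa, va):
    """Walk PML4 -> PDPT -> PD -> PT; return the physical address or None."""
    table = pml4_pa
    # (shift of the index field, page size if the PS bit can end the walk here)
    for shift, large in ((39, 0), (30, 1 << 30), (21, 1 << 21), (12, 0)):
        entry = read_entry(image, table, (va >> shift) & 0x1FF)
        if not entry & PRESENT:
            return None
        if large and entry & LARGE:
            return (entry & ADDR_MASK & ~(large - 1)) | (va & (large - 1))
        table = entry & ADDR_MASK
    return table | (va & 0xFFF)

def build_sample_image():
    """Constructed 64 KiB image holding a sparse and a complete top-level table."""
    image = bytearray(0x10000)
    def put(table_pa, index, value):
        struct.pack_into("<Q", image, table_pa + index * 8, value)
    i4, i3, i2, i1 = [(SAMPLE_VA >> s) & 0x1FF for s in (39, 30, 21, 12)]
    # Sparse table at 0x1000 (stands in for the boot tables): low 2 MiB only.
    put(0x1000, 0, 0x7000 | PRESENT)
    put(0x7000, 0, 0x8000 | PRESENT)
    put(0x8000, 0, 0x0 | PRESENT | LARGE)
    # Complete table at 0x2000 (stands in for the kernel's own tables).
    put(0x2000, i4, 0x3000 | PRESENT)
    put(0x3000, i3, 0x4000 | PRESENT)
    put(0x4000, i2, 0x5000 | PRESENT)
    put(0x5000, i1, 0x6000 | PRESENT)
    return bytes(image)

if __name__ == "__main__":
    img = build_sample_image()
    for name, pml4 in (("sparse", 0x1000), ("complete", 0x2000)):
        pa = translate(img, pml4, SAMPLE_VA + 0x123)
        print(name, "unmapped" if pa is None else hex(pa))
```
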
Once again, Mountain Lion has
changed the memory location of nsysent. Prior to the change, it was
located directly after the sysent table itself. As documented in
several locations on the web, this made automated discovery and
verification of the table size convenient. Unfortunately, Apple
decided to move nsysent, which required us to develop a new
sysent size discovery mechanism.
We have a growing list of
cool new features to add to Memoryze for Mac, but it may be
after the new year before we are able to develop them.