Combatting Mac OS X / iOS Malware with Data Visualization

Mac Security.net – David Balaban
In this presentation, Remy Baumgarten introduces Mach-O Viz, a web-based tool for analyzing Mac malware.
Baumgarten, who works at ANRC Services and has experience in mobile malware analysis, identified a gap in the market for Mac malware analysis tools and created Mach-O Viz to address this need.
Key points:
1) Mach-O Viz is designed to help network defenders understand the Mach-O file format better and efficiently analyze binaries for malicious behavior.
2) The tool presents a visual representation of a Mach-O binary, from the header through load commands and corresponding sections and segments.
3) It supports i386, x86_64, and ARM6/7 architectures for Mach-O files.
4) The back-end is designed to stay up-to-date with Apple’s specifications for the Mach-O file format.
5) Mach-O Viz utilizes open-source utilities provided by Apple and other sources.
The presentation also covers the main features of the tool, including:
1) Visual File Explorer: Allows users to drill down into different parts of the file format for more information.
2) Interactive visualization: Users can zoom into segments for more detail.
3) Back-end graph and analytic system for graphing the binary’s disassembly.
4) Accessibility: The tool can be used on any platform with a web browser.
Baumgarten demonstrates how to use the tool by uploading a binary and navigating through the Visual File Explorer to analyze different parts of the file format, such as the header and load commands.
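The same walk, from the header through the load commands to segments and sections, can be sketched in a few lines. This is an added example, not code from Mach-O Viz or the presentation; it assumes a thin (non-fat) little-endian Mach-O, the names parse_macho and SAMPLE are hypothetical, and the sample bytes are constructed for illustration.

```python
import struct

MAGICS = {0xFEEDFACE: 32, 0xFEEDFACF: 64}   # MH_MAGIC, MH_MAGIC_64
CPUS = {7: "i386", 0x01000007: "x86_64", 12: "arm"}
LC_SEGMENT, LC_SEGMENT_64 = 0x1, 0x19

def _name(raw):
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")

def parse_macho(data):
    """Walk header -> load commands -> segments -> sections."""
    if len(data) < 28:
        raise ValueError("too short for a Mach-O header")
    magic, cpu, _, ftype, ncmds, sizeofcmds, _ = struct.unpack_from("<7I", data, 0)
    if magic not in MAGICS:
        raise ValueError("not a thin little-endian Mach-O")
    off = 32 if MAGICS[magic] == 64 else 28      # 64-bit header has a reserved word
    end = off + sizeofcmds
    if end > len(data):
        raise ValueError("load commands run past end of file")
    info = {"bits": MAGICS[magic], "cpu": CPUS.get(cpu, hex(cpu)),
            "filetype": ftype, "cmds": [], "segments": []}
    for _ in range(ncmds):
        if off + 8 > end:
            raise ValueError("truncated load command")
        cmd, size = struct.unpack_from("<2I", data, off)
        if size < 8 or off + size > end:         # never trust cmdsize from the file
            raise ValueError("bad cmdsize in load command")
        info["cmds"].append(cmd)
        if cmd in (LC_SEGMENT, LC_SEGMENT_64):
            seg_fmt, sec_fmt = (("<16s4Q4I", "<16s16s2Q8I") if cmd == LC_SEGMENT_64
                                else ("<16s8I", "<16s16s9I"))
            seg_len, sec_len = struct.calcsize(seg_fmt), struct.calcsize(sec_fmt)
            if size < 8 + seg_len:
                raise ValueError("segment command too small")
            seg = struct.unpack_from(seg_fmt, data, off + 8)   # seg[7] is nsects
            if 8 + seg_len + seg[7] * sec_len > size:
                raise ValueError("nsects exceeds cmdsize")
            sects = [_name(struct.unpack_from(sec_fmt, data, off + 8 + seg_len + i * sec_len)[0])
                     for i in range(seg[7])]
            info["segments"].append({"name": _name(seg[0]), "vmaddr": seg[1],
                                     "initprot": seg[6], "sections": sects})
        off += size
    return info

# Constructed sample: x86_64 MH_EXECUTE with one __TEXT segment holding one __text section.
_sect = struct.pack("<16s16s2Q8I", b"__text", b"__TEXT", 0x100000F00, 0x10, 0xF00, 4, 0, 0, 0x80000400, 0, 0, 0)
_seg = struct.pack("<2I16s4Q4I", LC_SEGMENT_64, 72 + 80, b"__TEXT", 0x100000000, 0x1000, 0, 0x1000, 7, 5, 1, 0)
SAMPLE = struct.pack("<8I", 0xFEEDFACF, 0x01000007, 3, 2, 1, 152, 0, 0) + _seg + _sect
```

Calling parse_macho(SAMPLE) returns the CPU type, file type, the list of load command IDs and each segment with its section names; a cmdsize or nsects value that points outside the load command area raises ValueError instead of being followed.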
Link: https://macsecurity.net/view/42-combatting-mac-os-x-ios-malware-with-data-visualization

