Virus scanning on macOS

Inspired by a recent post on the MDSec blog, I wanted to take a deeper look at virus scanning on macOS. When I ran into issues getting McAfee kexts approved and loaded correctly it gave me a good excuse to dig deeper. In this post I will provide a brief overview of the different Kernel APIs available to virus scanning tools on macOS and specifically how McAffee’s implementation works. Finally I will cover some things that I think could be improved in the McAfee implementation.

21 min read

Type embedding in Go

The Go programming language does not support the concept of inheritance in the traditional object oriented sense. It does allow for type embedding which provides a powerful method for composition. When getting started with Go these patterns are not always obvious. This post provides a short example of how type embedding is used in one of the Go standard library structs.

2 min read

macOS Kernel Debugging

Getting started debugging the kernel can be very intimidating the first time you do it. There are various in depth guides that have been written over the years but they frequently get out of date. This post provides a short, concise, and up to date guide on getting started as easily as possible.

2 min read

LLDB and Python

MacOSX doesn’t come with the most recent Python. It’s pretty normal to install a newer version either through brew or something else like the anaconda distribution. If you do install a newer version of Python you’re likely to encounter problems when trying to access scripting in LLDB.

2 min read