{"@attributes":{"version":"2.0"},"channel":{"title":"Kernel on theevilbit blog","link":"https:\/\/theevilbit.github.io\/tags\/kernel\/","description":"Recent content in Kernel on theevilbit blog","generator":"Hugo","language":"en","lastBuildDate":"Tue, 12 May 2020 00:00:00 +0000","item":{"title":"Kernel Debugging macOS with SIP","link":"https:\/\/theevilbit.github.io\/posts\/kernel_debugging_with_sip\/","pubDate":"Tue, 12 May 2020 00:00:00 +0000","guid":"https:\/\/theevilbit.github.io\/posts\/kernel_debugging_with_sip\/","description":"<p>As security researchers, we often find ourselves needing to look deep into various kernels to fully understand our target and accomplish our goals. Doing so on the Windows platform is no mystery, as there have been countless well-written posts about kernel debugging setups. For macOS, however, the situation is slightly different.<\/p>\n<p>There are many great posts describing how to set up kernel debugging between two machines, but all of them suggest that SIP (System Integrity Protection) should be disabled for kernel debugging. This creates a problem if we want to investigate the inner workings of macOS\u2019s security mechanisms, since turning off SIP will also turn off most of the foundational security features of the operating system.<\/p>"}}}