Infiltrate Security Conference OPEN CFP

This CFP is not yet open - Check back soon!

Sierra Had a Little Lamb: A Userland Kit for MacOS

Exploit Development

Long gone are the days of trivially exploiting services to gain root; these days, multiple exploits are typically strung together to form an exploit chain. If sections of the chain fail, an attacker is left with a situation where they must investigate the target while attempting to remain hidden. In this talk I introduce LAMB, a multi-stage solution to this scenario which attempts to hide an attacker’s activities without requiring system privileges. This talk will cover how this is accomplished, covering a variety of ways including user-space execve and scheduling, virtual file cache, shadow file descriptor tables and more. I will also discuss ways to mitigate the high system resources of the compromised application and ways to operate within the common sandbox profiles on the system.

Back to Open CFP
Rated 6 - 62 reviewers



Offensive and highly technical. Love it.


Dynamic multi-layer recon hiding? Intriguing.

Interested in Speaking?

We are pleased to announce the Call For Papers for INFILTRATE 2018 is now open. If you would like to present and have an offense-focused-fresh-content presentation, please submit an abstract, Bio and headshot to This information will be included on our Open CFP site, here, where the public can vote on which presentations they are most interested in seeing at INFILTRATE. Call for papers will close on December 14th, 2017. Shortly after this date, the winning speakers will be notified.

Some of the benefits of speaking at INFILTRATE are: