This Black Hat conference talk explores the underappreciated value of crash reports as powerful tools for cybersecurity professionals. Learn how to decode and leverage these often overlooked files to uncover malware infections, exploitation attempts, and potentially exploitable system code vulnerabilities in macOS systems. The 51-minute presentation begins with a comprehensive breakdown of crash report structure and interpretation, then demonstrates how these digital breadcrumbs can reveal the exact causes of system failures. While covering essential reverse engineering concepts including ARM64 disassembly and debugging, the speaker walks through real-world crash examples that exposed serious vulnerabilities like uninitialized pointers, use-after-free bugs, and heap overflows—some of which remain present in macOS today. Presented by Patrick Wardle, CEO/Cofounder of DoubleYou, this crash course equips both defensive and offensive security practitioners with valuable insights for protecting or exploiting macOS systems.
Syllabus
The Hidden Treasure of Crash Reports?
Taught by
Black Hat