Olivia A. Gallucci

Coming soon!

• Talk: macOS Internals for Threat Detection Engineers: Logs, ESF, and Automation Utility Risks
• Duration: 25 minutes

Description

This presentation explores macOS’s security telemetry mechanisms, answering how macOS logging operates through the Unified Logging System (ULS), Endpoint Security Framework (ESF), and Transparency, Consent, and Control database (TCC.db) structures. It details techniques for extracting actionable telemetry from macOS logs using tools like Consolation3 and eslogger, and highlights the complexities of ESF-based interactions. The talk analyzes macOS threat vectors within automation utilities—such as LaunchAgent, LoginItem, and OSA script-based persistence and credential theft—as exploited by malware like Atomic Stealer and XCSSET. Detection strategies are proposed that focus on behavioral correlations—such as abnormal osascript execution, high-entropy command-line arguments, and post-execution network exfiltration—while leveraging tools like ESFPlayground, Mints, and Mac Monitor for telemetry collection and analysis. The talk provides attendees with the internals, telemetry, and tooling knowledge needed to investigate and harden macOS environments.

• Talk: Porting Linux Exploits to macOS
• Duration: 30 minutes

Abstract

The presentation examines how different OS architectures, particularly Linux and BSD, shape the techniques used in binary exploitation. It begins by highlighting the foundational systems and standards—System V, POSIX, BSD, UNIX, and Linux—that influence an OS’s behavior and security mechanisms like memory management, calling conventions, and stack management. Key topics include the System V application binary interface (ABI), which governs function calls and stack management, and POSIX standards, which ensure cross-platform exploit portability. The presentation explores UNIX philosophy’s emphasis on simplicity and modularity, showing how patterns can help us think about vulnerabilities. The section about BSD’s influence focuses on advanced memory management techniques that impact exploit strategies.

The presentation also covers OS security features (e.g., ASLR, Write XOR Execute (W^X), and stack canaries), and how to bypass them. It delves into exploiting system calls for privilege escalation, using a case study surrounding Shellshock (CVE-2014-6271) and how it relates to recent memory corruption issues. A comparison of SysV and BSD mechanics shows differences in calling conventions, stack management, and system calls—all of which affect exploit development. In conclusion, the presentation displays why an OS’s architecture can make or break successful binary exploitation, even if techniques themselves are theoretically viable.

• Talk: Syscalls and Stacks: A Guide to Cross-Platform Exploitation on macOS and Linux
• Duration: 30 Minutes
• Slides as PDF
• Website

Description

The presentation examines how different OS architectures, particularly Linux and BSD, shape the techniques used in binary exploitation. It begins by highlighting the foundational systems and standards—System V, POSIX, BSD, UNIX, and Linux—that influence an OS’s behavior and security mechanisms like memory management, calling conventions, and stack management. Key topics include the System V application binary interface (ABI), which governs function calls and stack management, and POSIX standards, which ensure cross-platform exploit portability. The presentation explores UNIX philosophy’s emphasis on simplicity and modularity, showing how patterns can help us think about vulnerabilities. The section about BSD’s influence focuses on advanced memory management techniques that impact exploit strategies.

The presentation also covers OS security features (e.g., ASLR, Write XOR Execute (W^X), and stack canaries), and how to bypass them. It delves into exploiting system calls for privilege escalation, using a case study surrounding Shellshock (CVE-2014-6271) and how it relates to recent memory corruption issues. A comparison of SysV and BSD mechanics shows differences in calling conventions, stack management, and system calls—all of which affect exploit development. In conclusion, the presentation displays why an OS’s architecture can make or break successful binary exploitation, even if techniques themselves are theoretically viable.

• Talk: macOS Internals for Threat Detection Engineers: Logs, ESF, and Automation Utility Risks
• Duration: 25 minutes
• Slides as PDF
• Website

Abstract

This presentation explores macOS’s security telemetry mechanisms, answering how macOS logging operates through the Unified Logging System (ULS), Endpoint Security Framework (ESF), and Transparency, Consent, and Control database (TCC.db) structures. It details techniques for extracting actionable telemetry from macOS logs using tools like Consolation3 and eslogger, and highlights the complexities of ESF-based interactions. The talk analyzes macOS threat vectors within automation utilities—such as LaunchAgent, LoginItem, and OSA script-based persistence and credential theft—as exploited by malware like Atomic Stealer and XCSSET. Detection strategies are proposed that focus on behavioral correlations—such as abnormal osascript execution, high-entropy command-line arguments, and post-execution network exfiltration—while leveraging tools like ESFPlayground, Mints, and Mac Monitor for telemetry collection and analysis. The talk provides attendees with the internals, telemetry, and tooling knowledge needed to investigate and harden macOS environments.

• Secret!

• Talks was accepted, but I was unable to attend as the conference fell within the first three months of starting a new job, and I didn’t have prior approval for time off. Next year! :)

• Talk: The Anatomy of a Mach-O: A Structured Guide to macOS Internals
• Duration: 20 minutes
• Website

• Talks was accepted, but I was unable to attend as the conference fell within the first three months of starting a new job, and I didn’t have prior approval for time off. Next year! :)

• Talks was accepted, but I was unable to attend as the conference fell within the first three months of starting a new job, and I didn’t have prior approval for time off. Next year! :)

• Both talks were accepted, but I was unable to attend as the conference fell within the first three months of starting a new job, and I didn’t have prior approval for time off. Next year! :)

• Talk was accepted, but I was unable to attend as the conference fell within the first three months of starting a new job, and I didn’t have prior approval for time off. Next year! :)

• Talk was accepted, but I was unable to attend as the conference fell within the first three months of starting a new job, and I didn’t have prior approval for time off. Next year! :)

• Unlocking macOS Internals: A Beginner’s Guide to Apple’s Open Source Code
• Full schedule
• Talk listing
• Saturday 1:00 PM
• Duration: 50 min
• Location: SH-1008
• Bio

Elevator pitch

Have you ever wondered how macOS works under the hood? For researchers, learning how to navigate Apple’s open source code is a game-changer. This talk demystifies macOS internals through its open source ecosystem, giving you everything you need to start hacking these machines!

Description

Have you ever wondered how macOS and iOS work under the hood? While Apple is known for its closed ecosystem, did you know that significant portions of macOS and iOS are open source—including security components? For security researchers, learning how to find, analyze, and use Apple’s open source code is a game-changer. In this talk, we’ll demystify macOS internals for beginners by breaking down Apple’s open source ecosystem—where to find it, how to navigate licensing limitations, and what components (continually) matter for security research.

We’ll explore techniques like binary analysis and extraction to uncover hidden references to source code. You’ll also learn how macOS and iOS share a common codebase! But it’s not always easy—these open source releases are often incomplete, outdated, or missing files. We’ll discuss challenges when compiling Apple’s open-source projects, troubleshooting errors, and making the most of these resources for reverse engineering. By the end of this session, you’ll have a solid foundation in macOS internals, understand how this open-source model impacts security, and gain practical skills to explore macOS from the inside out. If you’re curious about macOS internals, this talk will give you everything you need to know to start hacking these machines!

• Unlocking macOS Internals: A Beginner’s Guide to Apple’s Open Source Code
• Wednesday, 4 June 2025: 11:30am – 12:20pm EDT
• Location: Downstairs, Madison / Jefferson / Monroe
• 101 talks schedule
• Talk listing
• Bio

Abstract

Have you ever wondered how macOS works under the hood? For researchers, learning how to navigate Apple’s open source code is a game-changer. This talk demystifies macOS internals through its open source ecosystem, giving you everything you need to start hacking these machines!

• Unlocking macOS Internals: A Beginner’s Guide to Apple’s Open Source Code
• Time: 2-2:30 pm
• Duration: 30 minutes
• Schedule
• Speakers and bio

• Elements of Cross-Platform Exploitation – A Guide
• 30 minutes
• Track 2: 1130 – TURBO.10 – “Elements of Cross-Platform Exploitation” – Olivia Gallucci
• Website
• Speaker list

Bio

Olivia Gallucci is an offensive security engineer, freelance penetration tester, and blogger: oliviagallucci.com. She is a student at the Rochester Institute of Technology. Outside of cybersecurity, Olivia enjoys competitive sailing, fitness, and books on famous nerds.

Abstract

Having trouble applying your Linux hacks to other OS-es? This presentation explores how an OS’s architecture influences binary exploitation. It delves into how the System V application binary interface (ABI), POSIX standards, and the UNIX philosophy shape the mechanics of binary exploitation. The talk highlights stack management, system calls, and security mechanisms, including address space layout randomization (ASLR), Write XOR Execute (W^X), and stack canaries. By comparing System V and BSD-derived systems, this presentation illustrates nuances of exploiting binaries across different, yet often similar platforms.

• Unlocking macOS Internals: A Beginner’s Guide to Apple’s Open Source Code
• Monday, 26 May 2025: 2:00pm – 2:19pm PDT
• Duration: 20 minutes
• Location: Track 4
• Bio
• Listing

Two student panelists share their wisdom and insight on finding their first co-op. They also discuss their experiences on the job (i.e., challenges and successes) and anything else on the panelists’ minds relating to finding a co-op!

Two student panelists share their wisdom and insight on finding their first co-op. They also discuss their experiences on the job (i.e., challenges and successes) and anything else on the panelists’ minds relating to finding a co-op!

• Was the 1st speaker at the 1st BSides Zadar conference! :D
• This was talk No. 1 on the list
• Not recorded

• This was talk No. 2 on the list :)
• Not recorded

• Schedule
• LibrePlanet
• Panelists – Michael Brodskiy, Amit Shenoy, and Olivia Gallucci

Description

Nowadays, proprietary/non-free software has become nearly synonymous with educational establishments. Using software that is “the norm” or “industry standard” forces students to submit to proprietary applications “for the good of their future.” Tools for textbook access and homework assignment/submission force students to submit to subscription-based DRM models and forfeit any opportunity to own the knowledge contained within the textbooks. Big name companies, some of which are the biggest proponents of proprietary software, are considered the best on resumes, and students are encouraged to search for jobs at such conglomerates. GNU@NU, Northeastern’s free software organization is here to help! We will be holding a discussion on student experiences with free software, as they pertain to anything remotely educational. Come join us to help and learn more!

• LibrePlanet
• Talk page

Abstract

Organizations leverage free software for product development and procedural implementation. However, the cybersecurity industry often overlooks or misunderstands the free software community, resulting in significant gaps in security knowledge. This presentation delves into the intricate relationship between free software and closed-source vulnerabilities, explores free software lifecycles, and analyzes security trends within projects that adhere to or deviate from Freedom 3 (the right to redistribute modified programs). Additionally, it scrutinizes the social dynamics and economic factors contributing to the success of free software projects and communities.

This research aims to chronicle the evolution of free software projects, illustrate how organizations use free software projects, and identify effective security measures. Emphasizing the pivotal role of free software in cybersecurity, this presentation underscores elements such as documentation, collaboration, and human rights. Research methods included reviewing published research, journal articles, statistics, CVEs, and press articles about security threats and mitigations.

• 11 AM – 12 PM: 50-minute technical talk
• BSides Rochester

Description

This talk demystifies (legal) exploit development, providing attendees with a comprehensive understanding of how corporate and freelance hackers utilize open source software (OSS) for offensive purposes. Here, the audience will delve into the mechanics of exploit development using OSS. Additionally, participants will gain insights into the tools and platforms commonly employed in creating exploits, walking through a step-by-step development process. Real-world examples underscore the significance of incorporating OSS into cybersecurity practices and the potential consequences of neglecting this aspect. The final segment sheds light on the common misconceptions surrounding professional exploit development, and provides a nuanced perspective on the tools and techniques involved.

• Panelists – Alex Beaver, Joe Abbate, and Olivia Gallucci

Three student panelists share their wisdom and insight on finding their first co-op. They also discuss their experiences on the job (i.e., challenges and successes) and anything else on the panelists’ minds relating to finding a co-op!

Three student panelists share their wisdom and insight on finding their first co-op. They also discuss their experiences on the job (i.e., challenges and successes) and anything else on the panelists’ minds relating to finding a co-op!

Four student panelists share their wisdom and insight on finding their first co-op. They also discuss their experiences on the job (i.e., challenges and successes) and anything else on the panelists’ minds relating to finding a co-op!

• 2-2:30 PM with Jason Haddix and Gunnar Andrews at Recon Village @ DEF CON
• GitHub
• Recording

• 10 – 11 AM panel, Bugs, Bounties, and Breaches, in Recon Village @ DEF CON
  • Jason Haddix
  • Ben Sadeghipour
  • Wesley Thurner
  • Sam Curry
  • Arian E.
• Recording

• 11:30 – 1 PM with Jason Haddix and Gunnar Andrews at the Black Hat Arsenal
  • Easy EASM Black Hat Listing
• GitHub
• More information will be uploaded at a later date

Four student panelists share their wisdom and insight on finding their first co-op. They also discuss their experiences on the job (i.e., challenges and successes) and anything else on the panelists’ minds relating to finding a co-op!

Four student panelists share their wisdom and insight on finding their first co-op. They also discuss their experiences on the job (i.e., challenges and successes) and anything else on the panelists’ minds relating to finding a co-op!

Four student panelists share their wisdom and insight on finding their first co-op. They also discuss their experiences on the job (i.e., challenges and successes) and anything else on the panelists’ minds relating to finding a co-op!

• More information will be uploaded a later date

• An unrecorded forty-minute presentation about my scholarship story and how to apply to scholarships strategically
• 45-minute presentation
• May create a blog post at a later date

• Fire Talk about research I did at Open@RIT (not Apple)
• Learn more about the project here

• Duration: 30-minutes
• Project information

• I presented my research to around twenty students.
• Honors Independent Research Presentation
• Learn more about the project here

• Fifteen minute presentation with three activities involving grep, awk, and find

• Duration: 30-minutes
• View a very similar presentation here
• Project information

Learn from RIT students’—Ann Byerley, Matt Eggert, and Olivia Gallucci—experiences during COVID, how they handled working remotely and in-person. They are ready to share feedback and provide information on enhancing your brand with other RIT students.  

• Duration: 30-minutes
• Project information

• My research was a Fire Talk at the WiCyS international conference in Denver, Colorado.
• I won a full conference scholarship to present my research.
• Project information

Official image

• Learn more here

• I was a student panelist on New York City’s GenCyber Student and Professional Panel

• Presented with the RITSEC President and Head of Research
• Hour long meeting discussing club activities, student life, and Q&A
• Around fifteen attendees

• Presented with the RITSEC President and Head of Research
• Covered a ten-minute segment on RITSEC
• Around thirty attendees

• I presented my Honors research project to around thirty students.
• My research will be a Fire Talks at the Women in Cybersecurity (WiCyS) International Conference in Denver, Colorado. I won a full conference scholarship to present my research.
• Watch a very similar presentation here.

• I presented my research to seventeen faculty members.
• Honors Independent Research Presentation
• I was able to onboard two faculty contributors after my presentation.
• After this presentation, I was paid by Open@RIT to continue this project.
• All of the work I analyzed is located inside this Zotero collection.
• Project information

• I was one of two freshman student panelists at RIT’s open house for prospective Computing Security students.
• I covered various topics surrounding RIT, such as student life, academics, RITSEC, WiCyS@RIT, academic opportunities in Free and Open Source Software, and sailing.

• I was one of two freshman student panelists at RIT’s open house for prospective Computing Security students.
• Topic I covered included student life, academics, RITSEC, RIT’s WiCyS Chapter, RIT’s Free and Open Source Software program, and sailing.

• Covers what the WiCyS career fair is, how it works, and why freshman and sophomores should attend the fair.
• The original presentation was not recorded. I will be giving a similar presentation next year for RITSEC, and that presentation will be recorded. I will provide a link once the RITSEC presentation is uploaded.

• Co-presenting with Bradley Harker, Lukas Harris, and Michael Moore
• Covers the Rubber Ducky Mentorship Group’s research projects
• Lukas Harris wrote a blog post about his research: Blocking USB Rubber Ducky Attacks: and other badusb mitigation with udev rules and Group Policy