Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

ELECTRONizing MacOS Privacy - A New Weapon in Red Teaming Armory

DEFCONConference via YouTube

Overview

Explore a 20-minute conference talk from DEF CON 31 that delves into exploiting MacOS privacy controls through Electron applications. Learn about the TCC (Transparency, Consent, and Control) framework that protects sensitive resources like documents, camera, microphone, and emails on MacOS systems. Discover how to leverage vulnerabilities in Electron apps' default configurations to bypass these privacy restrictions without relying on 0-day exploits. Gain practical insights into executing code within Electron app contexts to inherit their TCC permissions, making it valuable for red team operations. Understand both offensive techniques and defensive measures, as the presentation covers detection strategies for blue teams while introducing a new open-source tool for MacOS security testing.

Syllabus

DEF CON 31 - ELECTRONizing MacOS Privacy - A New Weapon in Your Red Teaming Armory - Wojciech Reguła

Taught by

DEFCONConference

Reviews

Start your review of ELECTRONizing MacOS Privacy - A New Weapon in Red Teaming Armory

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.