Explore macOS security concepts and advanced attack techniques in this 25-minute conference talk from Derbycon 2018. Delve into topics such as living off the land, discovery methods, credential access, privilege escalation, and lateral movement specific to Apple systems. Learn about AppleScript user prompts, Keychain access through CLI and theft, and detection mechanisms for remote commands. Gain insights into persistence strategies, visibility concerns, and other useful tools for macOS security. Discover the 'macintosh' baselining tool and its applications in securing Apple environments.
Overview
Syllabus
Intro
Agenda
macOS Security Concepts
A Brief Note on Living off the Land
Discovery
Credential Access and Privilege Escalation
AppleScript User Prompt
Keychain Access - CLI
Keychain Access - Stealing the Keychain
Lateral Movement
Detection: AppleScript - Remote Commands
Persistence
Visibility
Other Useful Tools
macintosh – a baselining tool
Related Courses
-
Application of the MITRE ATT&CK Framework
-
How to Hunt for Lateral Movement on Your Network
-
Fighting the Previous War - Attacking and Defending in the Era of the Cloud
-
Hacking Exposed - Real-World Tradecraft of Bears, Pandas and Kittens
-
Threat Hunting - Using MITRE ATT&CK Against Carbanak Malware
-
Deploying PAWs as Part of a Strategy to Limit Credential Theft and Lateral Movement
