Overview
Explore macOS security concepts and advanced attack techniques in this 25-minute conference talk from DerbyCon 2018. Delve into topics such as living off the land, discovery methods, credential access, privilege escalation, and lateral movement specific to Apple systems. Learn about AppleScript user prompts, Keychain access through the CLI, theft of the Keychain itself, and detection mechanisms for remote commands. Gain insights into persistence strategies, visibility concerns, and other useful tools for macOS security. Discover the 'macintosh' baselining tool and its applications in securing Apple environments.
Syllabus
Intro
Agenda
macOS Security Concepts
A Brief Note on Living off the Land
Discovery
Credential Access and Privilege Escalation
AppleScript User Prompt
Keychain Access - CLI
Keychain Access - Stealing the Keychain
Lateral Movement
Detection: AppleScript - Remote Commands
Persistence
Visibility
Other Useful Tools
macintosh – a baselining tool