Last year I posted a few tricks to help when targeting MacOS users, and included a technique useful for spoofing file extensions with the aim of taking advantage of Finder's removal of the .app extension from certain filenames.... Read More »
Encountering Apple devices during RedTeam engagements is becoming increasingly common, so it's useful to have a few techniques available when navigating around whatever privacy or security changes are introduced with each version of MacOS. When MacOS Mojave rolled out at the end of 2018, a set of privacy restrictions were introduced to alert a user when an application requested access to sensitive data, such as the camera, microphone, address book, calendar etc.. And as (more often than not) o... Read More »
If you follow our research over on MDSec's blog, you will have seen a number of posts documenting macOS research we've recently completed. As RedTeamer's, we have a wealth of information available to us when it comes to attacking Windows endpoints, whether that be via a HTA, OLE, a macro office document or even simply binary hiding as a legitimate application, we are never short of options to gain access to a targets machine when phishing. The same unfortunately... Read More »
As presented in our previous post exploring AV self-protection, the ability for an attacker to hide or protect software by leveraging protection features has become extremely interesting to me. With this in mind, I wanted to look at just how SIP bypasses were performed... enter VirtualBox.... Read More »
In this post we will analyse BitDefender on MacOS, looking at some of the self-protection methods hooking MacOS. At the end of the post, we will have a bit of fun and show just how we can leverage this technology to hide our malware during an engagement.... Read More »