Sign in

Observing Your macOS Red Team attack footprint like an EDR with a HELK Lab


Conf-thief

Introducing Conf-Thief


G-Dir Thief

What is this about?

During the last few Red Team Operations I’ve been on, I’ve found myself having phished my way into a victim’s G-Suite account. Among other things, I end up taking a look at the victim’s Google contacts and ultimately look at the victim organization’s Google directory. While you can absolutely export the victim user’s contacts you cannot, however export/download the organization’s directory. While super annoying as a Red Teamer, I give Google a lot of credit for this security-minded feature. Having access to an organizations complete directory is a pretty valuable to an adversary. Armed with this data…


GD-Thief


Enumerating TCC.db with JXA


How to get your electron app to do Mac stuff.

I Want it to be Pretty

I decided that I did not want to use Apple’s UIKit, because I don’t have much experience using it and I’m honestly not too impressed with the GUIs that it produces. I want something…


Are you really going there?

Yes, I am aware that attempting to answer the question “What is red teaming?” within the infosec community is a topic that tends to ruffle the feathers and stirs the pot for my red team peers, but I am writing this article anyway. I am writing this, because I have experience as a participant on all sides (I will go into detail of these “sides” later) of Military training exercises in two different branches of the U.S. military. I also have experience in these exercises in a information security capacity as well as in traditional combat scenario capacities. …



4n7m4n

Red Team Pen Testing Nobody | OSCP | InfoSec | Tech Junkie | OIF Veteran | Tweets are mine, not yours, nor anyone else's... Certainly not my employer's

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store