A New Mitigation Strategy for the most used macOS Persistence Technique

This research started with me looking for suggestions for my organization on mitigating launch persistence techniques for macOS. As a red team operator, sharing knowledge and recommendations with our security organizations is crucial to making our customers safer.

I took a look at the macOS MITRE ATT&CK matrix for the…

Observing Your macOS Red Team attack footprint like an EDR with a HELK Lab

As you run your red team attack in a macOS environment, you might find yourself wondering what your blue team is seeing from their Endpoint Detection & Response (EDR) solution.

In this article, I will explain how to build a lab using the following three components. You can use it…

Conf-thief

Introducing Conf-Thief

I don’t have to explain to the experienced Red Teamer the treasure trove of secrets and intelligence data that can be found in the pages of an organization's Confluence instance. If the Red Teamer finds herself on a victim’s Confluence site this could mean finding secrets and sensitive data that…

Introducing G-Dir Thief

G-Dir Thief

During the last few Red Team Operations I’ve been on, I’ve found myself having phished my way into a victim’s G-Suite account. Among other things, I end up taking a look at the victim’s Google contacts and ultimately look at the victim organization’s Google directory. While you…

How to get your electron app to do Mac stuff.

So, this story begins with me deciding that I wanted to develop a standalone app that can make MacOS Native API calls for purposes that I will not dive into, just yet (I plan to develop the app and do not know yet, how well it will pan out in…

4n7m4n

Red Team Pen Testing Nobody | OSCP | InfoSec | Tech Junkie | OIF Veteran | Tweets are mine, not yours, nor anyone else's... Certainly not my employer's

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store