Outer Web | Explore

Explore >> Select a destination

You are here		www.jviotti.com Launching macOS applications from the command-line
\|	\|	evilpacket.net Using Chrome Debugger Metasploit Gather Module	22.2 parsecs away Travel
\|	\|	a blog about my security research, development, and other things.	22.2 parsecs away Travel
\|	\|	knight.sc Debugging Apple binaries that use PT_DENY_ATTACH \| Scott Knight	36.9 parsecs away Travel
\|	\|	Recently while looking into the Apple adid daemon, I noticed that I couldn't attach to the process with lldb even if SIP was completely disabled. After digging into it a little bit I came to the conclusion that adid was calling the ptrace API passing in PT_DENY_ATTACH. There are numerous other posts out there (like this one) that talk about defeating PT_DENY_ATTACH if you're running the application yourself. In my case adid is started as a LaunchDaemon and is already running by the time a user is logged in. I decided to take a look at how you could defeat the ptrace call even after the application is already running.	36.9 parsecs away Travel
\|	\|	macops.ca Squirrel Updates, the Slack Mac App and User Environment Variables	15.6 parsecs away Travel
\|	\|	[AI summary] The article discusses methods to disable Squirrel auto-updates in Slack on macOS, including using environment variables and LaunchServices configuration.	15.6 parsecs away Travel
\|	\|	claroty.com New Critical Vulnerabilities in Unitronics Unistream Devices Uncovered \| Claroty	72.1 parsecs away Travel
\|		Team82 uncovered eight vulnerabilities that not only bypassed the authentication and authorization features in Unitronics UniStream PLCs, but also were able to chain to gain remote code execution on the device.	72.1 parsecs away Travel