Explore >> Select a destination
|
You are here 
|
blog.quarkslab.com | ||
| | | | |
objective-see.org
|
|
| | | | | [AI summary] This post provides a technical analysis of OSX.DazzleSpy, a cyber-espionage macOS implant used to target pro-democracy users in Hong Kong, detailing its persistence mechanisms, remote capabilities, and detection by Objective-See's tools. | |
| | | | |
jhftss.github.io
|
|
| | | | | This is a blog post for my presentation at the conference OBTS v7.0. The slides are uploaded here. | |
| | | | |
bradleyjkemp.dev
|
|
| | | | | LaunchDaemon (or LaunchAgent) Hijacking is a MacOS privilege escalation and persistence technique. It involves abusing insecure file/folder permissions to replace legitimately installed, misconfigured LaunchDaemons with malicious code. I first spotted this issue affecting the OSQuery installer but went looking and found multiple other products with the same problem. This isn't a novel technique (it's briefly mentioned in T1543.004) but I was surprised to find it so rarely talked about. Example - Hijacking the OSQuery LaunchDaemon ?? I've already disclosed this issue to the OSQuery team and they kindly let me use it as an example in this post. | |
| | | | |
blog.nillsf.com
|
|
| | | |||
