Outer Web | Explore

Explore >> Select a destination

You are here		objective-see.com Objective-See's Blog
\|	\|	bradleyjkemp.dev LaunchDaemon Hijacking: privilege escalation and persistence via insecure folder permissions \| bradleyjkemp	1.8 parsecs away Travel
\|	\|	LaunchDaemon (or LaunchAgent) Hijacking is a MacOS privilege escalation and persistence technique. It involves abusing insecure file/folder permissions to replace legitimately installed, misconfigured LaunchDaemons with malicious code. I first spotted this issue affecting the OSQuery installer but went looking and found multiple other products with the same problem. This isn't a novel technique (it's briefly mentioned in T1543.004) but I was surprised to find it so rarely talked about. Example - Hijacking the OSQuery LaunchDaemon ?? I've already disclosed this issue to the OSQuery team and they kindly let me use it as an example in this post.	1.8 parsecs away Travel
\|	\|	www.jamf.com Jamf Threat Labs Discovers Pirated macOS Apps Similar to ZuRu Malware	1.9 parsecs away Travel
\|	\|	Jamf Threat Labs discovers new pirated macOS applications that establish communication with attacker infrastructure, allowing the victim's computer to be controlled by the attacker.	1.9 parsecs away Travel
\|	\|	blog.florentdelannoy.com Keep GimmeSomeTune running · Florent's Blog	2.1 parsecs away Travel
\|	\|	Florent Delannoy's blog	2.1 parsecs away Travel
\|	\|	rick.cogley.info Run a TFTP Server for Network Device Setups : Rick Cogley Central	14.4 parsecs away Travel
\|		If you're working with networking devices such as switches, routers or firewalls, to upgrade their firmware, you more often than not need a TFTP server. Here's how to use the one included with Mac OS X or macOS.	14.4 parsecs away Travel