Explore >> Select a destination


You are here

objective-see.com
| | rossmarks.uk
17.5 parsecs away

| | I wanted to create a hardware pentesting sample report so when clients ask for a sample report I'm not giving them a web app one and saying "It's like this but different". I knew a
| | objective-see.org
15.0 parsecs away

| | [AI summary] The provided text outlines various macOS malware campaigns and attacks, including backdoors, supply chain compromises, and multi-stage attacks. Key points include: 1. **RustBucket and BlueNoroff APTs**: These groups have been targeting macOS with backdoors like ObjCShellz, which are written in Objective-C and Swift, respectively. These malware variants communicate with C2 servers to download and execute payloads. 2. **JumpCloud Supply Chain Attack**: DPRK attributed attackers compromised JumpCloud, a zero-trust directory platform, leading to a supply chain attack that affected its customers. The attack involved spear-phishing and deploying payloads like FullHouse.Doored, StratoFear, and TieDye. 3. **Mandiant's Analysis**: Mandiant detailed th...
| | bradleyjkemp.dev
8.2 parsecs away

| | LaunchDaemon (or LaunchAgent) Hijacking is a MacOS privilege escalation and persistence technique. It involves abusing insecure file/folder permissions to replace legitimately installed, misconfigured LaunchDaemons with malicious code. I first spotted this issue affecting the OSQuery installer but went looking and found multiple other products with the same problem. This isn't a novel technique (it's briefly mentioned in T1543.004) but I was surprised to find it so rarely talked about. Example - Hijacking the OSQuery LaunchDaemon: I've already disclosed this issue to the OSQuery team and they kindly let me use it as an example in this post.
| | hiltmon.com
11.8 parsecs away

| [AI summary] The post discusses increasing the file descriptor ulimit on macOS to prevent resource starvation in development environments, providing a script to adjust system limits permanently.