/explore

Click through on any links that interest you or select the planets on the right to continue exploring the Outer Web.
You are here

objective-see.org
| | bradleyjkemp.dev
1.9 parsecs away

Travel
| | LaunchDaemon (or LaunchAgent) Hijacking is a MacOS privilege escalation and persistence technique. It involves abusing insecure file/folder permissions to replace legitimately installed, misconfigured LaunchDaemons with malicious code. I first spotted this issue affecting the OSQuery installer but went looking and found multiple other products with the same problem. This isn't a novel technique (it's briefly mentioned in T1543.004) but I was surprised to find it so rarely talked about. Example - Hijacking the OSQuery LaunchDaemon I've already disclosed this issue to the OSQuery team and they kindly let me use it as an example in this post.
| | objective-see.com
0.0 parsecs away

Travel
| | [AI summary] A technical deep-dive analysis of OSX.DazzleSpy, a macOS cyber-espionage implant targeting pro-democracy activists in Hong Kong, which persists via LaunchAgents and offers capabilities like remote desktop and keychain dumping.
| | blog.quarkslab.com
1.8 parsecs away

Travel
| | The following article explains how during a Purple Team engagement we were able to identify a vulnerability in Microsoft Teams on macOS allowing us to access a user's camera and microphone.
| | battlegames.wordpress.com
13.7 parsecs away

Travel
| I regret that owing to concerted spam and hacking attacks, I have removed the content from this site. Those of you interested in following what I'm up to can find my new blog alive and well at Henry's Wargaming: An Editor At Play and the site created to accompany my first book, The Wargaming Compendium....