You are here: objective-see.org

bradleyjkemp.dev
LaunchDaemon (or LaunchAgent) Hijacking is a MacOS privilege escalation and persistence technique. It involves abusing insecure file/folder permissions to replace legitimately installed, misconfigured LaunchDaemons with malicious code. I first spotted this issue affecting the OSQuery installer but went looking and found multiple other products with the same problem. This isn't a novel technique (it's briefly mentioned in T1543.004) but I was surprised to find it so rarely talked about.
Example - Hijacking the OSQuery LaunchDaemon
I've already disclosed this issue to the OSQuery team and they kindly let me use it as an example in this post.

intezer.com
In December 2021, we discovered a new multi-platform backdoor that targets Windows, Mac, and Linux that we have named SysJoker.

objective-see.com
[AI summary] A technical deep-dive analysis of OSX.DazzleSpy, a macOS cyber-espionage implant targeting pro-democracy activists in Hong Kong, which persists via LaunchAgents and offers capabilities like remote desktop and keychain dumping.

slashusr.wordpress.com
Postfix on OSX: Revisited
A few years back, I had written a post on enabling the Postfix MTA as a relay server on OSX, which was quite well received. The article was originally written for OS X Lion, though it remained valid for OSX Mountain Lion, and more recently on OSX Mavericks as well. However,...