Outer Web | Explore

Explore >> Select a destination

You are here		objective-see.com Objective-See's Blog
\|	\|	bradleyjkemp.dev LaunchDaemon Hijacking: privilege escalation and persistence via insecure folder permissions \| bradleyjkemp	11.1 parsecs away Travel
\|	\|	LaunchDaemon (or LaunchAgent) Hijacking is a MacOS privilege escalation and persistence technique. It involves abusing insecure file/folder permissions to replace legitimately installed, misconfigured LaunchDaemons with malicious code. I first spotted this issue affecting the OSQuery installer but went looking and found multiple other products with the same problem. This isn't a novel technique (it's briefly mentioned in T1543.004) but I was surprised to find it so rarely talked about. Example - Hijacking the OSQuery LaunchDaemon ?? I've already disclosed this issue to the OSQuery team and they kindly let me use it as an example in this post.	11.1 parsecs away Travel
\|	\|	tla.systems New iTunes Connect bug? - Three Letter Acronym	12.4 parsecs away Travel
\|	\|	Update, 01:36am - this bug was just fixed in iTunes Connect, and PCalc has been submitted correctly. Thanks Apple! Original post: I'm currently trying to submit an update to PCalc for i...	12.4 parsecs away Travel
\|	\|	intezer.com New SysJoker BackdoorTargets Windows, Linux, and macOS - Intezer	10.8 parsecs away Travel
\|	\|	In December 2021, we discovered a new multi-platformbackdoor that targets Windows, Mac, and Linux that we have named SysJoker.	10.8 parsecs away Travel
\|	\|	www.mattblodgett.com Matt Blodgett: Introducing Kenny	96.6 parsecs away Travel
\|		Matt Blodgett on topics occasionally germane to software development.	96.6 parsecs away Travel