Explore >> Select a destination

You are here

 www.malos-ojos.com
GE Concord 4 Home Security System - Resetting the Installer Code | Malos Ojos Security Blog
| | leetupload.com
You know how to send my signal - Setting up RFCat from scratch | leetupload.com
18.2 parsecs away

Travel
| |
| | dae.me
"Building boot caches" error when changing startup disk | Dae's blog
17.6 parsecs away

Travel
| |
| | andybrown.me.uk
Reverse engineering the Nokia 2730 QVGA LCD | Andys Workshop
18.5 parsecs away

Travel
| | You may have noticed that I have a bit of a 'thing' for the little TFT displays that you can commonly get on ebay. There's something satisfying about writing your own driver code and seeing one of ...
| | bradleyjkemp.dev
LaunchDaemon Hijacking: privilege escalation and persistence via insecure folder permissions | bradleyjkemp
48.0 parsecs away

Travel
| LaunchDaemon (or LaunchAgent) Hijacking is a MacOS privilege escalation and persistence technique. It involves abusing insecure file/folder permissions to replace legitimately installed, misconfigured LaunchDaemons with malicious code. I first spotted this issue affecting the OSQuery installer but went looking and found multiple other products with the same problem. This isn't a novel technique (it's briefly mentioned in T1543.004) but I was surprised to find it so rarely talked about. Example - Hijacking the OSQuery LaunchDaemon ?? I've already disclosed this issue to the OSQuery team and they kindly let me use it as an example in this post.