On macOS, defenders are watching shell scripts, a few common binaries, and python usage as easy tell-tale signs of red teamers. After all, it's very anomalous for HR to start running Python, Perl, or Ruby, and Marketing employees never run shell commands. As EDR products and defenders start to get more adept at looking into macOS, it's time for red teamers to start adapting as well. The question becomes: what should you use for an agent? If only macOS had a native scripting capability geared towards automating tasks common across all disciplines that is meant to be accessible even to non-programmers. In this talk, I'll go into the research, development, and usage of a new kind of agent based on JavaScript for Automation (JXA) and how it can be used in modern red teaming operations. This agent is incorporated into a broader open source project designed for collaborative red teaming I created called Apfell. I will discuss TTPs for doing reconnaissance, persistence, injection, and some keylogging all without using a shell command or spawning another scripting language. I will go into details of how JXA can be used to create an agent complete with encrypted key exchange for secure communications, domain fronting C2, and modular design to load or change key functionality on the fly. I will also cover the defensive considerations of these TTPs and how Apple is starting to secure these capabilities going forward.