Farming The Apple Orchards: Living off the Land Techniques

Presented at Objective by the Sea version 5.0 (2022), Oct. 7, 2022, 2 p.m. (25 minutes).

Interested in what "living off the land" looks like in the macOS world? Interested in what native utilities, APIs, and data sources an attacker can leverage for situational awareness and post exploitation?\n\nIf so, then this talk is for you!\n\nWe will dive into interesting 'lolbins', what data these utilities can be used to gather, and how that data may be of interest to attackers. We’ll also talk about lolbins that can be used for various post-exploitation capabilities.


Presenters:

  • Cedric Owens - Offensive Security Engineer at Meta
    Cedric is an offensive security engineer who comes from a blue team background. He enjoys researching and blogging on macOS red team techniques and has developed some tools to demonstrate these tactics for red and blue teamers alike. \n\n He also enjoys looking into macOS controls and searching for bypasses on his personal time. You can follow his blogs at cedowens.medium.com.
  • Chris Ross - Red Team Manager at Zoom
    Chris Ross is the Manager of the red team at Zoom. He enjoys mentoring, building the red team program, and helping drive change in the organization. \n\n Chris also likes to develop macOS post-exploitation toolsets and malware. Chris shares his tools at https://github.com/xorrior and his research at https://medium.com/@xorrior.

Links:

Similar Presentations: