Farming The Apple Orchards: Living off the Land Techniques

Presented at Objective by the Sea version 5.0 (2022), Oct. 7, 2022, 2 p.m. (25 minutes)

Interested in what "living off the land" looks like in the macOS world? Interested in what native utilities, APIs, and data sources an attacker can leverage for situational awareness and post-exploitation?

If so, then this talk is for you!

We will dive into interesting 'lolbins', what data these utilities can be used to gather, and how that data may be of interest to attackers. We'll also talk about lolbins that can be used for various post-exploitation capabilities.


Presenters:

  • Chris Ross - Red Team Manager at Zoom
    Chris Ross is the Manager of the red team at Zoom. He enjoys mentoring, building the red team program, and helping drive change in the organization. Chris also likes to develop macOS post-exploitation toolsets and malware. Chris shares his tools at https://github.com/xorrior and his research at https://medium.com/@xorrior.
  • Cedric Owens - Offensive Security Engineer at Meta
    Cedric is an offensive security engineer who comes from a blue team background. He enjoys researching and blogging on macOS red team techniques and has developed some tools to demonstrate these tactics for red and blue teamers alike. He also enjoys looking into macOS controls and searching for bypasses in his personal time. You can follow his blogs at cedowens.medium.com.
