The Clock is TCCing

Presented at Objective by the Sea version 6.0 (2023), Oct. 12, 2023, 11:25 a.m. (25 minutes).

TCC is a core macOS security & privacy feature. It enables users to control which applications have access to their sensitive data. \n\n TCC has several major shortcomings that we feel can be improved, specifically user awareness and notifications. \n\n With that in mind, we built Kronos to extend the features of TCC. Kronos will be released, free & open source at OBTSv6! This talk will outline our thought process, and delve into the various information stores that allow us to augment and extend TCC to better enable end users to protect their sensitive data.

Presenters:

• Calum Hall - Co-Founder at Phorion
  A former offensive security consultant, Calum has shifted his passion towards defending macOS estates. Most recently running GitHub’s Threat Detection and Response team and co-founding Phorion - a startup focused on macOS security.
• Luke Roberts - Co-Founder at Phorion
  Luke works as part of GitHub’s Red Team, focused on macOS related adversary emulation where he enjoys writing malware, developing new techniques or otherwise just causing a bit of mischief. He also is the co-founder of Phorion, a start-up building dedicated macOS security products for enterprises.

Links:

• https://objectivebythesea.org/v6/talks.html#Speaker_22
• https://www.youtube.com/watch?v=PwxmRqfsU18

Similar Presentations:

• Black Hat USA 2021 / 20+ Ways to Bypass Your macOS Privacy Mechanisms
• DEF CON 31 (2023) / ELECTRONizing macOS privacy - a new weapon in your red teaming armory
• Objective by the Sea version 6.0 (2023) / ELECTRONizing macOS Privacy - a New Weapon in Your Red Teaming Armory