Red Teaming macOS Environments with Hermes the Swift Messenger

Presented at BSidesSF 2022 Rescheduled, June 4, 2022, 4:30 p.m. (50 minutes)

This talk will dive into the development of a new Swift implant, Hermes, targeting macOS. Hermes hooks into Cody Thomas' Mythic framework, which serves as the C2 controller. We will dive into the internals and capability of the implant as well as ways it can be detected with Apple's ESF.

Presenters:

• Justin Bui / slyd0g - Zoom   as Justin Bui
  Justin Bui is a red teamer at Zoom and was previously a red team consultant at SpecterOps. He is passionate about all things security and helping organizations improve their security posture. Justin enjoys writing code and developing offensive tools, particularly around Windows/macOS post-exploitation. When he's not doing security things, he's out skateboarding with friends.

Links:

• https://bsidessf2022.sched.com/event/rjpq/red-teaming-macos-environments-with-hermes-the-swift-messenger

Similar Presentations:

• DeepSec 2018 „I like to mov &6974,%bx“ / The Swift Language from a Reverse Engineering Perspective
• DerbyCon 9.0 Finish Line (2019) / Bypassing MacOS Detections With Swift
• ShellCon 2021 Virtual / Red Teaming macOS Environments with Hermes the Swift Messenger