Red Teaming macOS Environments with Hermes the Swift Messenger

Presented at ShellCon 2021 Virtual, Oct. 8, 2021, 4 p.m. (55 minutes)

Swift is a great language for offensive tooling due to ease of development compared to lower-level languages (Objective-C/C/C++), while still having the flexibility to utilize said lower-level languages when the job requires it.

In this talk, I'll go into the research, development, and usage of a new Swift implant, Hermes, that can be used in modern red teaming operations. Hermes hooks into Cody Thomas' Mythic framework, which serves as the controller.

I will dive into the various functionality implemented within Hermes that allows for secure communications, reconnaissance, code execution, data exfiltration, and extensibility with existing offensive tooling. Lastly, I will cover defensive considerations for different TTPs implemented within Hermes. Following this talk, Hermes will be open-sourced for security professionals to test and validate detections within macOS environments.

Presenters:

  • Justin Bui / slyd0g as Justin Bui
    Justin Bui is a red teamer at Zoom and was previously a red team consultant at SpecterOps. He is passionate about all things security and helping organizations improve their security posture. Justin enjoys writing code and developing offensive tools, particularly around Windows/macOS post-exploitation.
