RT-3006 Red Teaming MacOS Environments

Presented at Texas Cyber Summit 2019, Oct. 11, 2019, 5:15 p.m. (60 minutes).

This talk is focused on red teaming techniques and tools against MacOS hosts in enterprise environments. Below is the outline of topics that will be discussed: -Intro -Agenda -A Look at MacOS Enterprise Deployments (Common technologies, Remote management, Local admin rights, Misconfigurations) -Phishing techniques (Payload types, Credential harvesting techniques) -Gatekeeper (What is it?, How does it work?, Ways around it/limitations) -Post Exploitation Methods and Examples -Common patterns/detection techniques (Parent-child processes, Command line arguments, Network connections) -Migrating to API Calls (How?, Why This is Harder to Detect, Examples) -Defensive Recommendations (Host-based, Network-based) -Q&A

Presenters:

• Brandon Dennis - RedTeam Nation
  Brandon is an offensive security engineer who came from a jack of all trades background. Brandon has does everything from Development, Systems Administration, networking and Red Teaming. Brandon is the founder of RedTeam Nation. A company designed to bring individuals into Red Teaming from the ground up at [ https://redteamnation.com](https://redteamnation.com). On the side Brandon enjoys working with memory and assembly while building tools that break new ground for Red Teams."

Links:

• https://texascybersummitii2019.sched.com/event/WFMD/rt-3006-red-teaming-macos-environments

Similar Presentations:

• DerbyCon 9.0 Finish Line (2019) / Bypassing MacOS Detections With Swift
• DEF CON 29 (2021) / Gone Apple Pickin': Red Teaming macOS Environments in 2021
• DEF CON 29 (2021) / Bundles of Joy: Breaking macOS via Subverted Applications Bundles