Posts List

macOS Red Teaming: Initial access via AppleScript URL

macOS Red Teaming Tricks series The idea of #macOSRedTeamingTricks series is to share simple & ready-to-use tricks that may help you during macOS red teaming engagements. The trick This post is about a funny trick that may help you in achieving initial access on a macOS machine. It requires performing advanced phishing but the code execution with built-in TCC bypass is extremely powerful. Let’s go to the point. The Script Editor (/System/Applications/Utilities/Script Editor.

macOS Red Teaming: Bypass TCC with old apps

macOS Red Teaming Tricks series The idea of #macOSRedTeamingTricks series is to share simple & ready-to-use tricks that may help you during macOS red teaming engagements. The trick This post shows how to bypass the macOS privacy framework (TCC) using old app versions. During red teaming engagements sometimes you need access to the Camera/Microphone or files stored on the user’s Desktop. It turns out that on macOS you cannot do this without special permissions that are handled by the TCC framework.

macOS Red Teaming: Get Active Directory credentials from NoMAD

macOS Red Teaming Tricks series This is the first post of the new #macOSRedTeamingTricks series. The idea is to share simple & ready-to-use tricks that may help you during macOS red teaming engagements. The trick This post shows how to get AD data, including a user’s login and password from a macOS machine with configured NoMAD. NoMAD helps Mac users bound with AD domains, and from my experience, it is widely used software, particularly in legacy Windows environments.