Category: OSX

Securing a default installation of MacOS

  This was originally written as the basis for a GIAC Gold paper.  Ultimately, it was not unique enough to warrant a research paper, but will provide an overview of the security features of MacOS.   As of mid 2016, MacOS captures nearly 10% of the global market for desktop PC software.  While Apple computers…


Control your Mac with an iPhone app – An analysis of HippoRemote

              Applications that are in use on Macs often times are under less scrutiny for security compared to their Windows alternatives.  When researching popular apps in use on OS X I found an app on the iPhone called HippoRemote.  It appears to be quite popular, with a combined 7,558…


Using email for persistence on OS X

In this post we will cover how we can use Mail.app on OS X to persist.  I was inspired by similar tools which are designed to work with Microsoft Outlook.  I first stumbled upon this article from MWR InfoSecurity, and then this blog post from Silent Break Security.  While rules in Mail.app will not replicate…


Privilege escalation on OS X – without exploits

This blog post is about ways to escalate privilege on OS X without the usage of exploits.  While exploits are always nice to have, there are other ways in which you can gain root privileges on your target.  By using misconfigurations with a little bit of social engineering you can get your victim to escalate…