GitBook: [master] 8 pages modified

CPol 2021-08-15 22:40:36 +00:00 committed by gitbook-bot
parent aca0a36b21
commit d59d282f70
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
6 changed files with 26 additions and 8 deletions

@ -58,10 +58,10 @@
* [MacOS Security & Privilege Escalation](macos/macos-security-and-privilege-escalation/README.md)
* [Mac OS Architecture](macos/macos-security-and-privilege-escalation/mac-os-architecture.md)
* [MacOS MDM](macos/macos-security-and-privilege-escalation/macos-mdm.md)
* [MacOS Protocols](macos/macos-security-and-privilege-escalation/macos-protocols.md)
* [MacOS Red Teaming](macos/macos-security-and-privilege-escalation/macos-red-teaming.md)
* [Mac OS Protocols](macos/macos-security-and-privilege-escalation/mac-os-protocols.md)
* [Inspecting, debugging and Fuzzing Mac OS Software](macos/macos-security-and-privilege-escalation/inspecting-and-debugging-mac-os-apps.md)
* [Mac OS Serial Number](macos/macos-security-and-privilege-escalation/macos-serial-number.md)
* [MacOS Serial Number](macos/macos-security-and-privilege-escalation/macos-serial-number.md)
* [MacOS Apps - Inspecting, debugging and Fuzzing](macos/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing.md)
## Windows
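Review bot: The `Mac OS Architecture` entry near the top of this hunk keeps the old spelling and the `mac-os-architecture.md` path, while the Protocols, Serial Number and Apps entries in the same list are normalised to `MacOS`; rename it too so the list is consistent. The Protocols and Apps pages also change file path here (`mac-os-protocols.md` to `macos-protocols.md`, `inspecting-and-debugging-mac-os-apps.md` to `macos-apps-inspecting-debugging-and-fuzzing.md`), so any `page-ref` or inline link elsewhere that still uses the old paths will break and should be updated in the same commit.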

@ -145,7 +145,11 @@ You can enable/disable these services in "System Preferences" --> Sharing
### MacOS Protocols
{% page-ref page="mac-os-protocols.md" %}
{% page-ref page="macos-protocols.md" %}
### MacOS - Inspecting, Debugging and Fuzzing
{% page-ref page="macos-apps-inspecting-debugging-and-fuzzing.md" %}
## MacOS Security Mechanisms
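Review bot: The new heading `### MacOS - Inspecting, Debugging and Fuzzing` does not match the title of the page it points to, which this same commit sets to `MacOS Apps - Inspecting, debugging and Fuzzing`. Pick one wording and one capitalisation (the page title itself mixes `Inspecting`, `debugging` and `Fuzzing`) and use it for the heading, the page title and the table-of-contents entry.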
@ -890,7 +894,13 @@ and tin this case the content cannot be decompiled even with `osadecompile`
However, there are still some tools that can be used to understand this kind of executables, [**read this research for more info**](https://labs.sentinelone.com/fade-dead-adventures-in-reversing-malicious-run-only-applescripts/)\). The tool [**applescript-disassembler**](https://github.com/Jinmo/applescript-disassembler) with [**aevt\_decompile**](https://github.com/SentineLabs/aevt_decompile) will be very useful to understand how the script works.
## MacOS Automatic Enumeration
## MacOS Red Teaming
Red Teaming in **environments where MacOS** is used instead of Windows can be very **different**. In this guide you will find some interesting tricks for this kind of assessments:
{% page-ref page="macos-red-teaming.md" %}
## MacOS Automatic Enumeration Tools
* **MacPEAS**: [https://github.com/carlospolop/PEASS-ng/tree/master/linPEAS](https://github.com/carlospolop/PEASS-ng/tree/master/linPEAS)
* **Metasploit**: [https://github.com/rapid7/metasploit-framework/blob/master/modules/post/osx/gather/enum\_osx.rb](https://github.com/rapid7/metasploit-framework/blob/master/modules/post/osx/gather/enum_osx.rb)
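Review bot: In the added Red Teaming paragraph, "this kind of assessments" should read "this kind of assessment", and the bold span `**environments where MacOS**` cuts the phrase mid-clause; bolding only `MacOS` would read better. While this part of the file is being touched, the context line above it has an escaped `\)` after the SentinelOne link whose opening parenthesis is not in the visible lines, so check that it is balanced. The `MacPEAS` bullet also links to the `linPEAS` directory, which needs either a corrected link or a word of explanation.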

@ -1,4 +1,4 @@
# Inspecting, debugging and Fuzzing Mac OS Software
# MacOS Apps - Inspecting, debugging and Fuzzing
## Static Analysis

@ -7,6 +7,14 @@
If you manage to **compromise admin credentials** to access the management platform, you can **potentially compromise all the computers** by distributing your malware in the machines.
For red teaming in MacOS environments it's highly recommended to have some understanding of how the MDMs work:
{% page-ref page="macos-mdm.md" %}
And also about **MacOS** "special" **network** **protocols**:
{% page-ref page="macos-protocols.md" %}
## Active Directory
In some occasions you will find that the **MacOS computer is connected to an AD**. In this scenario you should try to **enumerate** the active directory as you are use to it. Find some **help** in the following pages:
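Review bot: The added lead-in `And also about **MacOS** "special" **network** **protocols**:` is a sentence fragment with three separately bolded words; something like "You should also understand the MacOS-specific network protocols:" reads cleanly and matches the sentence that introduces the MDM page-ref above it. The Active Directory context line directly below has "In some occasions" and "as you are use to it", which could be fixed to "On some occasions" and "as you are used to" in the same edit.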

@ -1,4 +1,4 @@
# Mac OS Serial Number
# MacOS Serial Number
Apple devices manufactured after 2010 generally have **12-character alphanumeric** serial numbers, with the **first three digits representing the manufacturing location**, the following **two** indicating the **year** and **week** of manufacture, the next **three** digits providing a **unique** **identifier**, and the **last** **four** digits representing the **model number**.
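Review bot: Only the title changes here, but the sentence under it describes a "12-character alphanumeric" serial and then calls every field "digits" ("first three digits", "last four digits"); use "characters" throughout so the text does not imply the fields are numeric. The new title is consistent with the `MacOS Serial Number` entry in the table of contents.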