From d59d282f702fb853f1ace2d90a398e4bfa586f04 Mon Sep 17 00:00:00 2001
From: CPol
Date: Sun, 15 Aug 2021 22:40:36 +0000
Subject: [PATCH] GitBook: [master] 8 pages modified

---
 SUMMARY.md | 6 +++---
 .../README.md | 14 ++++++++++++--
 ...macos-apps-inspecting-debugging-and-fuzzing.md} | 2 +-
 .../{mac-os-protocols.md => macos-protocols.md} | 2 +-
 .../macos-red-teaming.md | 8 ++++++++
 .../macos-serial-number.md | 2 +-
 6 files changed, 26 insertions(+), 8 deletions(-)
 rename macos/macos-security-and-privilege-escalation/{inspecting-and-debugging-mac-os-apps.md => macos-apps-inspecting-debugging-and-fuzzing.md} (99%)
 rename macos/macos-security-and-privilege-escalation/{mac-os-protocols.md => macos-protocols.md} (99%)

diff --git a/SUMMARY.md b/SUMMARY.md
index 3439f0b4e..0c084fc64 100644
--- a/SUMMARY.md
+++ b/SUMMARY.md
@@ -58,10 +58,10 @@
 * [MacOS Security & Privilege Escalation](macos/macos-security-and-privilege-escalation/README.md)
 * [Mac OS Architecture](macos/macos-security-and-privilege-escalation/mac-os-architecture.md)
 * [MacOS MDM](macos/macos-security-and-privilege-escalation/macos-mdm.md)
+ * [MacOS Protocols](macos/macos-security-and-privilege-escalation/macos-protocols.md)
 * [MacOS Red Teaming](macos/macos-security-and-privilege-escalation/macos-red-teaming.md)
- * [Mac OS Protocols](macos/macos-security-and-privilege-escalation/mac-os-protocols.md)
- * [Inspecting, debugging and Fuzzing Mac OS Software](macos/macos-security-and-privilege-escalation/inspecting-and-debugging-mac-os-apps.md)
- * [Mac OS Serial Number](macos/macos-security-and-privilege-escalation/macos-serial-number.md)
+ * [MacOS Serial Number](macos/macos-security-and-privilege-escalation/macos-serial-number.md)
+ * [MacOS Apps - Inspecting, debugging and Fuzzing](macos/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing.md)
 ## Windows
diff --git a/macos/macos-security-and-privilege-escalation/README.md b/macos/macos-security-and-privilege-escalation/README.md
index 6e3a9ba6a..7e62e0b24 100644
--- a/macos/macos-security-and-privilege-escalation/README.md
+++ b/macos/macos-security-and-privilege-escalation/README.md
@@ -145,7 +145,11 @@ You can enable/disable these services in "System Preferences" --> Sharing
 ### MacOS Protocols
-{% page-ref page="mac-os-protocols.md" %}
+{% page-ref page="macos-protocols.md" %}
+
+### MacOS - Inspecting, Debugging and Fuzzing
+
+{% page-ref page="macos-apps-inspecting-debugging-and-fuzzing.md" %}
 ## MacOS Security Mechanisms
@@ -890,7 +894,13 @@ and tin this case the content cannot be decompiled even with `osadecompile`
 However, there are still some tools that can be used to understand this kind of executables, [**read this research for more info**](https://labs.sentinelone.com/fade-dead-adventures-in-reversing-malicious-run-only-applescripts/)\). The tool [**applescript-disassembler**](https://github.com/Jinmo/applescript-disassembler) with [**aevt\_decompile**](https://github.com/SentineLabs/aevt_decompile) will be very useful to understand how the script works.
-## MacOS Automatic Enumeration
+## MacOS Red Teaming
+
+Red Teaming in **environments where MacOS** is used instead of Windows can be very **different**. In this guide you will find some interesting tricks for this kind of assessments:
+
+{% page-ref page="macos-red-teaming.md" %}
+
+## MacOS Automatic Enumeration Tools
 * **MacPEAS**: [https://github.com/carlospolop/PEASS-ng/tree/master/linPEAS](https://github.com/carlospolop/PEASS-ng/tree/master/linPEAS)
 * **Metasploit**: [https://github.com/rapid7/metasploit-framework/blob/master/modules/post/osx/gather/enum\_osx.rb](https://github.com/rapid7/metasploit-framework/blob/master/modules/post/osx/gather/enum_osx.rb)
diff --git a/macos/macos-security-and-privilege-escalation/inspecting-and-debugging-mac-os-apps.md b/macos/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing.md
similarity index 99%
rename from macos/macos-security-and-privilege-escalation/inspecting-and-debugging-mac-os-apps.md
rename to macos/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing.md
index c57621ffb..45e15ec8a 100644
--- a/macos/macos-security-and-privilege-escalation/inspecting-and-debugging-mac-os-apps.md
+++ b/macos/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing.md
@@ -1,4 +1,4 @@
-# Inspecting, debugging and Fuzzing Mac OS Software
+# MacOS Apps - Inspecting, debugging and Fuzzing
 ## Static Analysis
diff --git a/macos/macos-security-and-privilege-escalation/mac-os-protocols.md b/macos/macos-security-and-privilege-escalation/macos-protocols.md
similarity index 99%
rename from macos/macos-security-and-privilege-escalation/mac-os-protocols.md
rename to macos/macos-security-and-privilege-escalation/macos-protocols.md
index 713cd6f26..38a0bfd29 100644
--- a/macos/macos-security-and-privilege-escalation/mac-os-protocols.md
+++ b/macos/macos-security-and-privilege-escalation/macos-protocols.md
@@ -1,4 +1,4 @@
-# Mac OS Protocols
+# MacOS Protocols
 ## Bonjour
diff --git a/macos/macos-security-and-privilege-escalation/macos-red-teaming.md b/macos/macos-security-and-privilege-escalation/macos-red-teaming.md
index b4940f6d2..83a0a12ef 100644
--- a/macos/macos-security-and-privilege-escalation/macos-red-teaming.md
+++ b/macos/macos-security-and-privilege-escalation/macos-red-teaming.md
@@ -7,6 +7,14 @@
 If you manage to **compromise admin credentials** to access the management platform, you can **potentially compromise all the computers** by distributing your malware in the machines.
+For red teaming in MacOS environments it's highly recommended to have some understanding of how the MDMs work:
+
+{% page-ref page="macos-mdm.md" %}
+
+And also about **MacOS** "special" **network** **protocols**:
+
+{% page-ref page="macos-protocols.md" %}
+
 ## Active Directory
 In some occasions you will find that the **MacOS computer is connected to an AD**. In this scenario you should try to **enumerate** the active directory as you are use to it. Find some **help** in the following pages:
diff --git a/macos/macos-security-and-privilege-escalation/macos-serial-number.md b/macos/macos-security-and-privilege-escalation/macos-serial-number.md
index e6c01bbce..f7e9d55bb 100644
--- a/macos/macos-security-and-privilege-escalation/macos-serial-number.md
+++ b/macos/macos-security-and-privilege-escalation/macos-serial-number.md
@@ -1,4 +1,4 @@
-# Mac OS Serial Number
+# MacOS Serial Number
 Apple devices manufactured after 2010 generally have **12-character alphanumeric** serial numbers, with the **first three digits representing the manufacturing location**, the following **two** indicating the **year** and **week** of manufacture, the next **three** digits providing a **unique** **identifier**, and the **last** **four** digits representing the **model number**.