Apple moves forward in large jumps each time they release a new version of their Macintosh operating system. Each change can deprecate a whole suite of offensive tooling or add multiple extra hurdles. Because of this, red teamers and penetration testers historically gravitated towards things like Python and shell commands due to their stability. However, with the new direction Apple is headed, there’s no guarantee for external languages like Python, Ruby, or Perl to exist on a macOS endpoint by default. This pushes development of new capabilities lower into the operating system or into Apple-specific programming languages. After all, if Python isn’t on the table, then neither are common tools like Empire, Impacket, or Responder. Even some of Apple’s own versions of scripting languages like JavaScript for Automation (JXA) are poorly maintained and not feature complete.

As a red teamer, assuming you manage to get execution on a macOS endpoint, two of the biggest pain points for assessments deal with credential access and lateral movement. One thing people often forget though is that credentials come in many varieties. There are more credentials on a macOS endpoint than just the user’s password hash or plaintext password. Specifically, there are Kerberos tickets. This is more useful on an Active Directory (AD) joined computer, but how common is that really?

Twitter poll for frequency of seeing AD joined macOS endpoints in offensive engagements

From the quick poll results, at least 30% of people encounter an AD joined Mac at least 25% of the time. To help work with Kerberos tickets on macOS endpoints, I’m releasing a new, open source tool called Bifrost. Bifrost is an Objective C library that uses lower level Kerberos APIs and manual Kerberos network traffic to allow collection, manipulation, exfiltration, and discovery of Kerberos related information on macOS. The rest of this post focuses on macOS specific background knowledge, abuses regarding Kerberos, and defensive considerations.

Active Directory is more than just Windows