Скачать или смотреть #HITB2024BKK

BadUSB attacks have been an essential part of a Red Teamer’s bag of tricks for years. They allow us to relatively easily obtain a foothold on any unattended machine their user forgot to lock, by using a USB device that emulates a keyboard and sends a series of scripted malicious keystrokes. While it has been extensively used and documented on Windows systems, the examples available online for macOS systems are much scarcer and almost always rely on opening the terminal and issuing shell commands.

This talk will present an alternative way of obtaining code execution and getting an implant running on the macOS target. We will leverage a trusted, Apple-signed Live-off-the-Land binary (LOLBIN) and macOS-specific scripting languages which are available on a default installation. Every single step involved in the process will be done with stealth in mind and to avoid any disruption in the user’s environment. Tips will also be given along the way to overcome some challenges caused by macOS’ specificities.

===

Nicolas Buzy-Debat is currently the Red Team Lead at Grab, and has over a decade of experience in the cybersecurity industry, occupying positions ranging from Managed Vulnerability Intelligence consultant to Offensive Security and Red Team engineer. He enjoys exploiting Cloud environments and CI/CD systems, as well as experimenting and developing tradecraft on various systems including macOS. Occasional CTF player, his team won the Singapore International Cyber Week (SICW) SPIRITCYBER-2023 IoT hackathon and got the 4th place at the DEFCON Cloud Village CTF 2023. He was also a speaker at SINCON2024 (Modern Red Teaming workshop).