Bypassing MacOS Detections With Swift

A look at using the Swift programming language to leverage macOS internal API calls for post exploitation.

Defcon 27 Red Team Village Presentation
Date: Aug 9 2019
Presenter: Cedric Owens

  1. RED
  2. func • Red • Blue • @cedowens
  3. import
  4. var
  5. var
  6. try PostEx
  7. try PostEx • https://github.com/cedowens/MacShell
  8. var
  9. var • Post Exploitation Tool: • EDR Perspective: • Python • /bin/sh • /bin/ps
  10. let • Stacked View (EDR Perspective): • Python • /bin/sh [command] • /bin/sh [command] • /bin/sh [command] • /bin/sh [command]
  11. func
  12. func
  13. print("MacOS Internals for Post-Ex?")
  14. return
  15. try Swift • "import Cocoa"
  16. let
  17. let
  18. var
  19. var
  20. var
  21-39. func convertToSwift(cmdlinestring){}
  40. //What's Next?
  45. class Detection{}
  46. var lookInto = true • Defenders
  47. func Resources(){} • https://github.com/cedowens/MacShellSwift • https://medium.com/red-teaming-with-a-blue-team-mentaility/b5faaa11e121 • https://github.com/its-a-feature/Apfell