As macOS continues to grow in enterprise adoption in the midst of a rapidly evolving GenAI landscape, securing the endpoint presents a moving target. Traditional detection engineering approaches, often Windows-centric, frequently fall short, leaving organizations vulnerable to sophisticated adversaries. This presentation, delivered by members of the TikTok USDS JV Red Team, will delve deep into the offensive security tradecraft and attack path strategies critical for conducting effective red team assessments against organizations heavily reliant on macOS and quickly adopting GenAI technology.
We will move beyond theoretical concepts and provide a technical exploration of the techniques we leverage in real-world operations. Attendees will gain actionable insights into:
- Initial Access Vectors for macOS Environments: Exploring contemporary methods to gain a foothold, including novel social engineering approaches tailored for macOS users, exploitation of client-side vulnerabilities in macOS applications, and supply chain compromises targeting development pipelines. We will discuss bypassing common endpoint detection and response (EDR) solutions during the critical initial phase.
- Achieving and Maintaining Code Execution: A deep dive into macOS-specific code execution primitives, ranging from abused legitimate functionalities and scripting languages to exploiting less common macOS frameworks. We will demonstrate how adversaries establish and maintain reliable code execution while evading detection.
- Establishing Resilient Persistence Mechanisms: Understanding the art of covert persistence and credential access on macOS. We’ll unveil techniques that allow attackers to move towards target objectives from the endpoint, leveraging the intricacies of macOS user environments, Electron applications, and more.