The source code of MacHound can be found here. I followed the same technical limitations that we use at XM Cyber to ensure a safe and reliable attack simulation without experiencing an undesirable negative effect. To become more familiar with the attack vectors, I began to develop an extension for BloodhoundAD (which is very useful) that allows the collection of data required for Bloodhound on Mac machines. While doing the research, I stumbled upon many security tools that provide most, if not all, of the required capabilities that I was looking for, such as “Bifrost” and “Orchard” by Cody Thomas (kudos!).
I started mapping out the attack surface that an Active Directory integration adds to MacOS, focusing on performing a lateral movement from the Mac- to the Windows-based parts of the Active Directory, and vice versa. As I began my research, I noticed that, as opposed to my initial assumptions, MacOS were not standalone devices that sometimes were managed by an MDM solution rather, they were integrated and partially managed by the client’s Active Directory (on-prem or Azure). Designing this support meant researching MacOS’s attack surface with a focus on creating the greatest impact for our current and future clients. As a security researcher at XM Cyber, designing core product support for MacOS was one of my goals la st year.
0 kommentar(er)
