'All Your Macs are belong to us' by @objective_see | PT SWARM
"All Your Macs are belong to us" by @objective_see - how and why an unsigned, unnotarized, script-based proof of concept application could trivially and reliably sidestep all of macOS’s relevant security mechanisms (File Quarantine, Gatekeeper, and Notarization Requirements) … even on a fully patched M1 macOS system, reverting protection from running malicious code to a pre-2007 era.
Contents: • Outline • Background • File Quarantine • Gatekeeper • Notarization Requirements • Quarantine Attribute • Problem(s) In Paradise • Root Cause Analysis • To The Logs! • To The Disassembler & Debugger! • A Recap • In the Wild • The Patch • Protections • Detections • Conclusions
Positive Technologies Offensive Team: twitter.com/ptswarm. This is the channel where we share articles/vulnerabilities/scripts/etc, not necessarily authored by us, that we find interesting...