{"id":10608,"date":"2022-07-07T09:32:17","date_gmt":"2022-07-07T09:32:17","guid":{"rendered":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/?post_type=session&#038;p=10608"},"modified":"2024-09-03T02:16:57","modified_gmt":"2024-09-03T02:16:57","slug":"commsec-badusb-attacks-on-macos-beyond-using-the-terminal-and-shell-commands","status":"publish","type":"session","link":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/session\/commsec-badusb-attacks-on-macos-beyond-using-the-terminal-and-shell-commands\/","title":{"rendered":"COMMSEC: BadUSB Attacks on MacOS: Beyond Using the Terminal and Shell Commands"},"content":{"rendered":"<div class=\"simple_format\">\n<p><strong><a href=\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/materials\/D2%20COMMSEC%20-%20BadUSB%20Attacks%20on%20MacOS%20-%20Beyond%20Using%20the%20Terminal%20and%20Shell%20Commands%20-%20Nicolas%20Buzy%20Debat.pdf\">PRESENTATION SLIDES<\/a><\/strong><\/p>\n<p style=\"text-align: justify;\">BadUSB attacks have been an essential part of a Red Teamer\u2019s bag of tricks for years. They allow us to relatively easily obtain a foothold on any unattended machine their user forgot to lock, by using a USB device that emulates a keyboard and sends a series of scripted malicious keystrokes. While they have been extensively used and documented on Windows systems, the examples available online for macOS systems are much scarcer and almost always rely on opening the terminal and issuing shell commands.<\/p>\n<p style=\"text-align: justify;\">This talk will present an alternative way of obtaining code execution and getting an implant running on the macOS target. We will leverage a trusted, Apple-signed Living-off-the-Land binary (LOLBIN) and macOS-specific scripting languages which are available on a default installation. Every single step involved in the process will be done with stealth in mind and to avoid any disruption in the user\u2019s environment. 
Tips will also be given along the way to overcome some challenges caused by macOS\u2019 specificities.<\/p>\n<\/div>\n","protected":false},"template":"","class_list":["post-10608","session","type-session","status-publish","hentry"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>COMMSEC: BadUSB Attacks on MacOS: Beyond Using the Terminal and Shell Commands - HITBSecConf2024 - Bangkok<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/session\/commsec-badusb-attacks-on-macos-beyond-using-the-terminal-and-shell-commands\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"COMMSEC: BadUSB Attacks on MacOS: Beyond Using the Terminal and Shell Commands - HITBSecConf2024 - Bangkok\" \/>\n<meta property=\"og:description\" content=\"PRESENTATION SLIDES BadUSB attacks have been an essential part of a Red Teamer\u2019s bag of tricks for years. They allow us to relatively easily obtain a foothold on any unattended machine their user forgot to lock, by using a USB device that emulates a keyboard and sends a series of scripted malicious keystrokes. While it [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/session\/commsec-badusb-attacks-on-macos-beyond-using-the-terminal-and-shell-commands\/\" \/>\n<meta property=\"og:site_name\" content=\"HITBSecConf2024 - Bangkok\" \/>\n<meta property=\"article:modified_time\" content=\"2024-09-03T02:16:57+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/session\/commsec-badusb-attacks-on-macos-beyond-using-the-terminal-and-shell-commands\/\",\"url\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/session\/commsec-badusb-attacks-on-macos-beyond-using-the-terminal-and-shell-commands\/\",\"name\":\"COMMSEC: BadUSB Attacks on MacOS: Beyond Using the Terminal and Shell Commands - HITBSecConf2024 - Bangkok\",\"isPartOf\":{\"@id\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/#website\"},\"datePublished\":\"2022-07-07T09:32:17+00:00\",\"dateModified\":\"2024-09-03T02:16:57+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/session\/commsec-badusb-attacks-on-macos-beyond-using-the-terminal-and-shell-commands\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/session\/commsec-badusb-attacks-on-macos-beyond-using-the-terminal-and-shell-commands\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/session\/commsec-badusb-attacks-on-macos-beyond-using-the-terminal-and-shell-commands\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Session\",\"item\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/session\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"COMMSEC: BadUSB Attacks on MacOS: Beyond Using the Terminal and Shell 
Commands\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/#website\",\"url\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/\",\"name\":\"HITBSecConf2024 - Bangkok\",\"description\":\"August 26 - 30 @ InterContinental\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"COMMSEC: BadUSB Attacks on MacOS: Beyond Using the Terminal and Shell Commands - HITBSecConf2024 - Bangkok","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/session\/commsec-badusb-attacks-on-macos-beyond-using-the-terminal-and-shell-commands\/","og_locale":"en_US","og_type":"article","og_title":"COMMSEC: BadUSB Attacks on MacOS: Beyond Using the Terminal and Shell Commands - HITBSecConf2024 - Bangkok","og_description":"PRESENTATION SLIDES BadUSB attacks have been an essential part of a Red Teamer\u2019s bag of tricks for years. They allow us to relatively easily obtain a foothold on any unattended machine their user forgot to lock, by using a USB device that emulates a keyboard and sends a series of scripted malicious keystrokes. While it [&hellip;]","og_url":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/session\/commsec-badusb-attacks-on-macos-beyond-using-the-terminal-and-shell-commands\/","og_site_name":"HITBSecConf2024 - Bangkok","article_modified_time":"2024-09-03T02:16:57+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/session\/commsec-badusb-attacks-on-macos-beyond-using-the-terminal-and-shell-commands\/","url":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/session\/commsec-badusb-attacks-on-macos-beyond-using-the-terminal-and-shell-commands\/","name":"COMMSEC: BadUSB Attacks on MacOS: Beyond Using the Terminal and Shell Commands - HITBSecConf2024 - Bangkok","isPartOf":{"@id":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/#website"},"datePublished":"2022-07-07T09:32:17+00:00","dateModified":"2024-09-03T02:16:57+00:00","breadcrumb":{"@id":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/session\/commsec-badusb-attacks-on-macos-beyond-using-the-terminal-and-shell-commands\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/session\/commsec-badusb-attacks-on-macos-beyond-using-the-terminal-and-shell-commands\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/session\/commsec-badusb-attacks-on-macos-beyond-using-the-terminal-and-shell-commands\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/"},{"@type":"ListItem","position":2,"name":"Session","item":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/session\/"},{"@type":"ListItem","position":3,"name":"COMMSEC: BadUSB Attacks on MacOS: Beyond Using the Terminal and Shell Commands"}]},{"@type":"WebSite","@id":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/#website","url":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/","name":"HITBSecConf2024 - Bangkok","description":"August 26 - 30 @ 
InterContinental","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/wp-json\/wp\/v2\/session\/10608"}],"collection":[{"href":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/wp-json\/wp\/v2\/session"}],"about":[{"href":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/wp-json\/wp\/v2\/types\/session"}],"wp:attachment":[{"href":"https:\/\/conference.hitb.org\/hitbsecconf2024bkk\/wp-json\/wp\/v2\/media?parent=10608"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}