macOS Server Penetration Testing

TACTICS, TECHNIQUES AND PROCEDURES (TTPs)
MITRE’S ATT&CK®
macOS Pen Test
Initial Access to macOS
1. Drive-by-Compromise.
2. Exploit public-facing apps.
3. Hardware Additions.
4. Phishing.
5. Supply Chain Compromise.
6. Trusted Relationships.
7. Valid Accounts.
Execution – macOS
1. Command and Scripting Interpreter.
2. Exploitation for client execution.
3. Native API.
4. Scheduled Task/Jobs.
5. Software Deployment Tools.
6. System Services.
7. User Services.
Persistence – macOS
1. Account Manipulation.
2. Boot or Logon Autostart Execution.
3. Boot Initialisation Scripts.
4. Browser Extensions.
5. Compromise Client Software Binary.
6. Create Account.
7. Create or Modify System Process.
8. Event Triggered Execution.
9. Hijack Execution Flow.
10. Scheduled Task/Jobs.
11. Server Software Component.
12. Traffic Signalling.
13. Valid Accounts.
Privilege Escalation – macOS
1. Abuse Elevation Control Mechanism.
2. Logon Autostart Execution.
3. Logon Initialisation Scripts.
4. Create or Modify System Process.
5. Event Triggered Execution.
6. Exploitation for Privilege Escalation.
7. Hijack Execution Flow.
8. Process Injection.
9. Scheduled Cronjobs.
10. Valid Accounts.
Defence Evasion – macOS
1. Abuse Elevation Control Mechanism.
2. De-obfuscate or Decode Files or Information.
3. Execution Guardrails.
4. Exploitation for Defense Evasion.
5. File and Directory Permissions Modification.
6. Hide Artifacts.
7. Hijack Execution Flow.
8. Impair Defenses.
9. Indicator Removal on Host.
10. Masquerading.
11. Modify Authentication Process.
12. Obfuscated Files or Information.
13. Process Injection.
14. Rootkits.
15. Subvert Trust Controls.
16. Traffic Signalling.
17. Valid Accounts.
18. Virtualisation or Sandbox Evasion.
Credential Access in macOS
1. Brute Force.
2. Credentials from Password Stores.
3. Exploitation for Credential Access.
4. Input Capture.
5. Man-in-the-Middle (MiTM) Attacks.
6. Modify Authentication Process.
7. Network Sniffing.
8. OS Credential Dumping.
9. Steal Web Session Cookie.
10. 2FA Interception.
11. Insecure Credentials.
Discovery – macOS
1. Account Discovery.
2. Application Window Discovery.
3. Browser Bookmark Discovery.
4. File and Directory Discovery.
5. Network Service Scanning.
6. Network Share Discovery.
7. Network Sniffing.
8. Password Policy Discovery.
9. Peripheral Device Discovery.
10. Permission Groups Discovery.
11. Process Discovery.
12. Remote System Discovery.
13. Software Discovery.
14. System Information Discovery.
15. System Network Configuration Discovery.
16. System Network Connections Discovery.
17. System Owner/User Discovery.
18. Virtualisation or Sandbox Evasion.
Lateral Movement – macOS
1. Exploitation of Remote Services.
2. Internal Spearphishing.
3. Lateral Tool Transfer.
4. Remote Service Session Hijacking.
5. Remote Services.
6. Software Deployment Tools.
Collection – macOS
1. Archive Collected Data.
2. Audio Capture.
3. Automated Collection.
4. Clipboard Data.
5. Data from Information Repositories.
6. Data from Local System.
7. Data from Network Shared Drive.
8. Data from Removable Media.
9. Data Staged.
10. Input Capture.
11. Man-in-the-Middle (MiTM) Attacks.
12. Screen Capture.
13. Video Capture.
Command and Control – macOS
1. Application Layer Protocol.
2. Communication Through Removable Media.
3. Data Encoding.
4. Data Obfuscation.
5. Dynamic Resolution.
6. Encrypted Channel.
7. Fallback Channels.
8. Ingress Tool Transfer.
9. Multi-Stage Channels.
10. Non-Application Layer Protocols.
11. Non-Standard Ports.
12. Protocol Tunnelling.
13. Proxy.
14. Remote Access Software.
15. Traffic Signalling.
16. Web Services.
Exfiltration – macOS
1. Automated Exfiltration.
2. Data Transfer Size Limits.
3. Exfiltration over Alternative Protocols.
4. Exfiltration over C2 Channel.
5. Exfiltration over other Network Medium.
6. Exfiltration over Physical Medium.
7. Exfiltration over Web Service.
8. Scheduled Cronjobs.
Impact of macOS Attacks
1. Account Access Removal.
2. Data Destruction.
3. Data Encrypted for Impact.
4. Data Manipulation.
5. Defacement.
6. Disk Wipe.
7. Endpoint Denial of Service.
8. Firmware Corruption.
9. Inhibit System Recovery.
10. Network Denial of Service.
11. Resource Hijacking.
12. System Shutdown/Reboot.