| |||||
| |||||
Search Irongeek.com:
Help Irongeek.com pay for bandwidth and research equipment: |
I was approached by Fusion to be part of their Real Future, documentary - specifically, and I quote, to see how badly I could fuck his life up, while having control of his laptop,. They wanted me to approach this scenario from how a typical attacker would see it. This journalist was San Francisco Bay Area based, so that meant he was using a mac, an iphone, and his office was using google apps and likely 2 factor authentication for everything. No windows, no powershell, no ms08_067, no netbios, no backdoored ms office documents - how was I supposed to get in? Well, I did get in, but then I was faced with another problem - metasploit doesn,t work so well when attacking osx. And outside of that, there really aren,t ANY tools (at least public ones) that are built for attacking osx. I had to build a toolkit for myself ON THE VICTIMS MACHINE, LIVE during the engagement. And I,m going to tell you all how I did that, what I did, what worked and what didn,t work. The one thing I can say is now I understand why the NSA does surveillance the way they do. You learn 10x more from watching someone via screenshots than you will from any shell, hands down, every time.
15 most recent posts on Irongeek.com:
|
If you would like to republish one of the articles from this site on your
webpage or print journal please contact IronGeek.
Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast