TTPwire Vol. 1 · MITRE ATT&CK · Tagged

Infosecurity Magazine

MacOS Native Tools Enable Stealthy Enterprise Attacks

2026-04-22

ATT&CK techniques detected

4 predictions
T1021.002 SMB/Windows Admin Shares
97%
"a single command. The research also highlights multiple native protocols that can be used for lateral movement and file transfer: - Server Message Block (SMB) for mounting remote shares - netcat for direct command execution and file delivery - Git repositories for pushing payl…"
T1059.002 AppleScript
54%
"leveraging Apple's inter-process communication (IPC) framework, attackers can issue instructions without triggering conventional shell-based monitoring. In some cases, adversaries bypass built-in restrictions by using Terminal as a proxy for execution, encoding payloads…"
T1559 Inter-Process Communication
53%
"leveraging Apple's inter-process communication (IPC) framework, attackers can issue instructions without triggering conventional shell-based monitoring. In some cases, adversaries bypass built-in restrictions by using Terminal as a proxy for execution, encoding payloads…"
T1204 User Execution
34%
"MacOS Native Tools Enable Stealthy Enterprise Attacks. A growing range of native macOS features are being repurposed by attackers to execute code, move laterally and evade detection, according to new research examining "living-off-the-land" (LOTL) techniques on Apple sys…"

Summary

macOS LOTL techniques bypass detection using native tools and metadata abuse