SO-CON 2020

Course Summary – 2 Day Offering

While Windows is the main operating system in many enterprise environments, more companies are taking a hybrid approach that gives employees a choice of Mac or Windows, or are forgoing Windows environments entirely. Regardless of the base operating system, the core tactics and tenets of adversary capability are the same: given enough time and resources, adversaries will find a way to achieve their objectives. Apple's approach to addressing the adversary problem is to force all non-Apple execution to user land and introduce new security enhancements for each version of macOS that bring the macOS and iOS operating systems closer together. When it comes to emulating tactics, techniques, and procedures (TTPs) on macOS, more time and emphasis must be placed on subverting Apple's custom controls such as Gatekeeper, Application Notarization, Entitlements, TCC, and System Integrity Protection rather than bypassing EDR products.

The Adversary Tactics: macOS Tradecraft course drops you into a modern macOS hybrid environment that mimics what SpecterOps operators encounter in real-world red team exercises. Students will focus on macOS payloads for initial access, crafting custom techniques on the fly via JXA and Objective-C, identifying persistence and privilege escalation opportunities, stealing credentials, and avoiding common EDR detections via XPC services and native APIs. The course aims to teach students about the consequences of their actions and the details behind their techniques rather than just how to run common tooling.

Day 1
  • Introduction & Course Overview
  • Lab and course range infrastructure
  • macOS Introduction
  • macOS Security
  • C2 Frameworks & Mythic Overview
  • JavaScript for Automation
  • Initial Access & Payload Development
  • Situational Awareness
Day 2
  • Active Directory & Kerberos
  • Persistence
  • Entitlements, TCC, & System Integrity Protection
  • Privilege Escalation
  • Credential Access
  • Evasion

Private Onsite Training

If a public offering of the training classes does not fit your busy schedule, our team of experts is available to provide a private training offering to your organization. This is by far the best way for your team to get one-on-one access to the instructors and solidify the material. We provide all training material as well as laptops and classroom locations if needed.
