Security is full of hidden features
In an attempt to start contributing back to the security community, I am starting a new blog series about Red Teaming for and with Macs. Macs seem to be more and more popular, but most red teaming blogs are exclusively Windows based. In conjunction with these blog posts, I will be releasing tools to help with red teamers on Macs.
Blog Series
- Series #1:
- Active Directory Discovery
- Basics of Active Directory discovery with JXA, command-line tools, and wrapped in Orchard
- Active Directory Discovery - Now with more Objective
- Delving deeper into Objective C bridge in JXA to query Active Directory via APIs
- Series #2:
- Creating an Apfell - Part 1 - Sanic
- Creating a basic RESTful, asynchronous, python web server
- Creating an Apfell - Part 2 - peewee, peewee-async
- Connecting to a Postgres database, ORMs, and event loops
- Creating an Apfell - Part 3 - Jinja2, Twitter Bootstrap
- User interface HTML templeting with Jinja2 and new UI elements with twitter bootstrap
- Creating an Apfell - Part 4 - LISTEN/NOTIFY, Websockets
- Asynchronous notifications from Postgres database, websockets (both in Sanic and JavaScript)
- Creating an Apfell - Part 5 - Vue
- Dynamic real-time page updates with Vue
- Creating an Apfell - Part 6 - Sanic-auth, Sanic-wtf
- User authentication with sanic-auth, and form submissions with sanic-wtf
- Bare-Bones Apfell server code release
- Initial release of a bare-bones server incorporating all of the above elements for expansion
- Current frameworks: the upsides, the downsides, and my ideal
- A brief walkthrough of common red teaming frameworks and why I decided to learn how to create my own
- Series #3:
- Beginning the operational tracking
- An initial walkthrough of some updates and the beginnings of tracking operations - Payloads and Callbacks
- C2 Profile Management
- C2 Profile creation and tracking, now with more analytics and management
- Series #4:
- Creating a RAT - Part 1 - What is basic functionality
- A walkthrough of the first release of apfell-jxa to discuss what is required for a basic RAT
- Creating a RAT - Part 2 - Upping the game, securing your comms
- Adding encryption, authentication, and detection checks to your basic RAT
- Creating a RAT - Part 3 - Updating configurations
- How to update configurations on the fly, including swapping out C2 mechanisms and loading code in JXA
Externnal Posting:
- Folder Action Persistence - Walkthrough of a new persistence technique via Folder Actions
- All of my Medium Posts - Just a link to all of my posts on Medium in case they don’t get linked here
Tooling
- Orchard - A JavaScript for Automation (JXA) Active Directory enumeration tool.
- Apfell - A macOS, post-exploit framework for red teaming
- apfell-jxa - A JXA implant for use with the Apfell framework.
- HealthInspector - A JXA script to do situational awareness without spawning new shell commands
- KeytabParser - A python script to parse macOS’ Heimdal Keytab files and display the associated keys
For the Network is Dark and Full of Terrors
This is just a blog for personal coding projects, blog posts, and other interesting things that relate to red teaming, pen testing, CTFs, etc. By hosting it here, I can easily reference other github repositories and gists.