首页
社区
课程
招聘
[转帖]macOS Post-Exploitation Shenanigans with VSCode Extensions
发表于: 2021-1-15 08:18 1553

[转帖]macOS Post-Exploitation Shenanigans with VSCode Extensions

2021-1-15 08:18
1553

macOS Post-Exploitation Shenanigans with VSCode Extensions

Overview

It’s no secret that macOS post-exploitation is often centric around targeting the installed apps for privilege escalation, persistence and more. Indeed, we’ve previously posted about approaches for code injection in macOS apps in the past and would recommend a refresher if you’re unfamiliar with these techniques.


On a recent red team engagement, we were exploring the endpoint of a compromised engineer looking for opportunities to elevate. One of the apps the user was making heavy use of was VSCode which led to further research in to avenues to obtain code execution in the context of the app. As a supported means of code execution, perhaps the most obvious way to achieve this was through a “malicious” VSCode extension.


This post will cover how to create a malicious VSCode extension on macOS that can be used for further post-exploitation shenanigans.

https://www.mdsec.co.uk/2021/01/macos-post-exploitation-shenanigans-with-vscode-extensions/



[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课

收藏
免费 0
支持
分享
最新回复 (0)
游客
登录 | 注册 方可回帖
返回
//