Original release date: October 11, 2018
Summary

This report is a collaborative research effort by the cyber security authorities of five nations: Australia, Canada, New Zealand, the United Kingdom, and the United States.[1][2][3][4][5]

In it we highlight the use of five publicly available tools, which have been used for malicious purposes in recent cyber incidents around the world.

To aid the work of network defenders and systems administrators, we also provide advice on limiting the effectiveness of these tools and detecting their use on a network.

The individual tools we cover in this report are limited examples of the types of tools used by threat actors. You should not consider this an exhaustive list when planning your network defense.

...

The post macOS 10.14 And The Privacy Preferences Payload appeared first on krypted.com.

This document describes the security content of iOS 12.0.1.

Just some one-liners you may find useful… I’ve written about codesign a few times in the past. To see a detailed description of how an app was signed:

codesign -dvvvv /Applications/Firefox.app

This also gives you the bundleID for further inspection of an app. But there are a number of tools you can use to check out signing and go further into entitlements and sandboxing. You can check the 

asctl sandbox check --bundle com.microsoft.outlook

The response would be similar to 

/Applications/Microsoft Outlook.app:

signed with App Sandbox entitlements

In the above, we see that Outlook has entitlements to do some stuffs. But where do you see an indication of what it can do? There are a number of sandbox profiles located in /usr/share/sandbox and the more modern /System/Library/Sandbox/Profiles/ and Versions/A/Resources inside each framework should have a .sb file – but those are the Apple sandbox profiles. Additionally, you can see what...

The post Small Applescript to Migrate Mac Calendars appeared first on krypted.com.

Reporting on application usage is an interesting topic on the Mac. This is done automatically with a number of device management solutions. But there are things built into the OS that can help as well.

mdls "/Applications/Xcode.app" -name kMDItemLastUsedDate | awk '{print $3}'

Now, if you happen to also need the time, simply add ,$4 to the end of your awk print so you can see the next position, which is the time.

Additionally, a simple one-liner to grab the foreground app via AppleScript is:

osascript -e 'tell application "System Events"' -e 'set frontApp to name of first application process whose frontmost is true' -e 'end tell'

That’s pretty much all I had to say about that.

The post A couple one-liners for analyzing Mac app usage appeared first on krypted.com.

macOS now comes with a vulnerability scanner called mrt. It’s installed within the MRT.app bundle in /System/Library/CoreServices/MRT.app/Contents/MacOS/ and while it doesn’t currently have a lot that it can do – it does protect against the various bad stuff that is actually available for the Mac. To use mrt, simply run the binary with a -a flag for agent and then a -r flag along with the path to run it against. For example, let’s say you run a launchctl command to list LaunchDaemons and LaunchAgents running:

launchctl list

And you see something that starts with com.abc. Let me assure you that nothing should ever start with that. So you can scan it using the following command: 

sudo /System/Library/CoreServices/MRT.app/Contents/MacOS/mrt -a -r ~/Library/LaunchAgents/com.abc.123.c1e71c3d22039f57527c52d467e06612af4fdc9A.plist

What happens next is that the bad thing you’re scanning for will be checked to see if it matches a known hash from MRT or from /...

Numbers for iOS formats data based on what you enter. Learn how to change the format and enter data with the keyboard.