12/20/2023

Apple screensavers

Screensavers for macOS Persistence

Background

After revisiting old internal discussions, an area of interest was the possibility of using screensavers for persistence on macOS. This is an established persistence method on Windows, as noted on the MITRE ATT&CK page. On Windows, screensavers execute after a configurable time of user inactivity and consist of Portable Executable (PE) files with a. On macOS, these are Mach-O executables that are saved within application bundles with the. After taking a closer look, these can be abused for persistence in a similar fashion as on Windows.

Like my Dock persistence method, this technique relies on the ability end-users have to modify a property list (plist). Plists are the macOS equivalent of the Windows registry. By changing the values in the screensaver plist ( ~/Library/Preferences/ByHost/), an adversary can set a new screensaver and set configuration options such as the user inactivity time. The culmination of this research is ScreenSaverPersist.js, which I have included in the PersistentJXA project.

Two instances of persistence execution PID 5967 and PID 5973

Of course, this behavior can be modified by placing process running checks in the malicious screensaver project.
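A defender can audit the screensaver plist for the changes described above. The following is an added example, not code from the original post or from PersistentJXA. The key names (`moduleDict`, `path`, `idleTime`), the allow-listed directories, the threshold and the sample plists are assumptions constructed for illustration.

```python
import plistlib
import posixpath

# Assumed allow-list of directories that normally hold screensaver bundles.
TRUSTED_DIRS = ("/System/Library/Screen Savers", "/Library/Screen Savers")
MIN_IDLE_SECONDS = 60  # assumed threshold; tune to local policy


def is_trusted(path):
    """True if the normalised bundle path sits under an allow-listed directory."""
    norm = posixpath.normpath(path)
    return any(norm.startswith(d + "/") for d in TRUSTED_DIRS)


def audit(current, baseline=None):
    """Return findings for one screensaver preference plist (raw bytes in)."""
    cur = plistlib.loads(current)
    path = cur.get("moduleDict", {}).get("path", "")
    idle = cur.get("idleTime")
    findings = []
    if path and not is_trusted(path):
        findings.append(("untrusted-module-path", path))
    if isinstance(idle, int) and 0 < idle < MIN_IDLE_SECONDS:
        findings.append(("short-idle-time", idle))
    if baseline is not None:
        # Compare against a previously recorded known-good copy.
        old = plistlib.loads(baseline)
        old_path = old.get("moduleDict", {}).get("path", "")
        if old_path != path:
            findings.append(("module-changed", (old_path, path)))
        if old.get("idleTime") != idle:
            findings.append(("idle-time-changed", (old.get("idleTime"), idle)))
    return findings


# Constructed sample data (not captured from a real host).
BASELINE = plistlib.dumps({
    "idleTime": 1200,
    "moduleDict": {"moduleName": "Flurry", "type": 0,
                   "path": "/System/Library/Screen Savers/Flurry.saver"},
})
MODIFIED = plistlib.dumps({
    "idleTime": 10,
    "moduleDict": {"moduleName": "Example", "type": 0,
                   "path": "/Users/alice/Library/Screen Savers/Example.saver"},
})

if __name__ == "__main__":
    for finding in audit(MODIFIED, BASELINE):
        print(finding)
```

Run against a stored known-good copy, the audit reports both the suspicious state and the fact that it changed, which helps separate a user picking a new screensaver from a module loaded out of a user-writable directory.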