
Leveraging Jamf for Red Teaming in Enterprise Environments.pdf

Uploaded by: 竿*** ID: 981919 2025-11-29 55 pages 1.65MB

#BHUSA BlackHatEvents

Leveraging Jamf for Red Teaming in Enterprise Environments
By Lance Cain and Daniel Mayer

Lance and Dan

Lance Cain
- Service Architect at SpecterOps Inc.
- macOS Security Researcher
- Red Teaming and Pentest Lead
- Jamf Exploitation Enthusiast

Daniel Mayer
- Senior Consultant at SpecterOps Inc.
- Ex-Senior Security Researcher at CrowdStrike
- Hobbyist free-to-play game cheat maker
- Blogs about it and other topics at mayer.cool

Overview
- Introduction
  - MacOS in the Modern Enterprise
  - Jamf Management and Permissions
  - Pros and Cons of Jamf Abuse
  - Tool References
- Privilege Escalation
  - Accounts
  - Api Integrations
- Code Execution
  - Policies and Scripts
  - Policies
  - Computer Extension Attributes
- Defensive Recommendations
  - Local vs. Cloud Deployments
- Credits and Kudos
- Questions

Introduction: MacOS in Modern Enterprises
- macOS is popular with developers, cloud admins, IT engineers, and users with privileged technical access
- Often macOS devices are initially set up with a Jamf Pro enrollment and integrated with a cloud provider like Azure, then not monitored as much afterwards
- Sharing some of the most dangerous attack paths we have discovered in client environments regarding Jamf Pro

Introduction Jamf Managem

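Based on the content of the report, the key points of the full text are summarized below:

1. **Prevalence of macOS in the enterprise**: macOS is popular with developers, cloud admins, IT engineers, and users with technical privileges, and is often integrated with Jamf Pro.
2. **Jamf management permissions**: Jamf Pro provides a range of management functions, such as mobile device management, software licensing, and device compliance checks, and allows operations through its API.
3. **Pros and cons of Jamf abuse**: The pros include EDR filtering meant to avoid false positives and the option to deploy self-signed software; the con is that, if log forwarding is configured, defenders can trace the attack path.
4. **Tools**: Eve and JamfHound are open-source tools for automating attacks and visualizing attack paths.
5. **Privilege escalation**: Privileges can be escalated by creating or updating Jamf accounts and API clients.
6. **Code execution**: Through Policies and Scripts, scripts can be executed on macOS devices, running as root by default.
7. **Defensive recommendations**: Monitor JSS access and Tomcat access logs, limit how long API credentials remain usable, and configure firewalls to allowlist access to API endpoints.
8. **Cloud environment considerations**: Cloud customers may not have access to certain logs, but can request allowlisting or a paid log-forwarding service.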