Your mission, should you choose to accept it: take on the role of a detection engineer and dissect Mythic, the most popular C2 framework used in attacks against macOS.
Mythic supports a range of agents that plug into the framework with little effort. In this talk we will walk through the features these agents have in common: how their C2 communication works, how persistence is set up, and how additional code is loaded and executed.
Our goal is to build robust detection strategies for these agents and to identify the additional traces that running them leaves behind on an infected machine. For red teamers, we will discuss the OPSEC considerations that apply to specific commands, so that their use does not trigger immediate detection by an EDR.
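As an illustration of the kind of host-side detection logic the talk is about, the following added example (not code from the talk or from the Mythic project) inspects launchd property lists, one common macOS persistence mechanism. The trusted and user-writable path prefixes, the interpreter list and the sample plists are assumptions constructed for this example; the label-impersonation and RunAtLoad/KeepAlive heuristics are illustrative, not a complete detection rule.

```python
import plistlib
from pathlib import PurePosixPath

# Locations from which a LaunchAgent/LaunchDaemon is expected to run.
# This allowlist is an assumption for the example, not an Apple-defined list.
TRUSTED_PREFIXES = ("/System/", "/usr/", "/bin/", "/sbin/", "/Applications/", "/Library/Apple/")

# Locations an unprivileged process can write to, and therefore where a dropped agent tends to live.
WRITABLE_PREFIXES = ("/Users/", "/tmp/", "/private/tmp/", "/var/folders/", "/private/var/folders/")

# Interpreters that, combined with -c / -e, let a plist carry its payload inline.
INLINE_INTERPRETERS = {"python", "python3", "osascript", "sh", "bash", "zsh"}


def inspect_launch_item(plist_bytes, path="<inline>"):
    """Parse one launchd plist and return a list of findings (empty list = nothing suspicious)."""
    findings = []
    try:
        item = plistlib.loads(plist_bytes)
    except Exception as exc:  # InvalidFileException, ExpatError, ...
        return [f"{path}: unparsable plist ({exc})"]

    # launchd executes ProgramArguments[0] if present, otherwise Program.
    args = item.get("ProgramArguments") or []
    program = args[0] if args else item.get("Program")
    if not program:
        return [f"{path}: no Program or ProgramArguments"]

    if program.startswith(WRITABLE_PREFIXES):
        findings.append(f"{path}: executes from user-writable location {program}")
    elif not program.startswith(TRUSTED_PREFIXES):
        findings.append(f"{path}: executes from unexpected location {program}")

    # Interpreter plus inline script: the job body is in the plist itself, no file on disk to scan.
    interp = PurePosixPath(program).name
    if interp in INLINE_INTERPRETERS and any(a in ("-c", "-e") for a in args[1:]):
        findings.append(f"{path}: interpreter {interp} with inline script")

    # RunAtLoad + KeepAlive: start at login and restart if killed, the classic persistence pairing.
    if item.get("RunAtLoad") and item.get("KeepAlive"):
        findings.append(f"{path}: RunAtLoad and KeepAlive set (restart-on-kill persistence)")

    # Apple-looking label that does not run an Apple binary.
    label = item.get("Label", "")
    if label.startswith("com.apple.") and not program.startswith(("/System/", "/usr/")):
        findings.append(f"{path}: label {label} impersonates Apple but runs {program}")
    return findings


# Constructed sample plists (not real artifacts): one benign, one dropped agent, one inline-script job.
BENIGN_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>Label</key><string>com.example.updater</string>
<key>Program</key><string>/Applications/Example.app/Contents/MacOS/updater</string>
<key>RunAtLoad</key><true/>
</dict></plist>"""

AGENT_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>Label</key><string>com.apple.softwareupdate.agent</string>
<key>ProgramArguments</key><array><string>/Users/alice/Library/.cache/agent</string></array>
<key>RunAtLoad</key><true/>
<key>KeepAlive</key><true/>
</dict></plist>"""

INLINE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>Label</key><string>com.example.helper</string>
<key>ProgramArguments</key><array>
<string>/usr/bin/osascript</string><string>-e</string><string>do shell script "id"</string>
</array>
<key>RunAtLoad</key><true/>
</dict></plist>"""


def scan_samples():
    """Run the inspector over the constructed samples; returns {name: findings}."""
    return {
        "benign": inspect_launch_item(BENIGN_PLIST, "benign.plist"),
        "agent": inspect_launch_item(AGENT_PLIST, "agent.plist"),
        "inline": inspect_launch_item(INLINE_PLIST, "inline.plist"),
    }


if __name__ == "__main__":
    for name, findings in scan_samples().items():
        print(name, "->", findings or "clean")
```

On a real host the same function would be fed the contents of `~/Library/LaunchAgents`, `/Library/LaunchAgents` and `/Library/LaunchDaemons`; the allowlists should be tuned to the fleet, since legitimate third-party software also installs agents outside the prefixes above.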

Not recorded.