This is part 11 in the series of “Beyond the good ol’ LaunchAgents”, where I try to collect various persistence techniques for macOS. For more background check the introduction. TL;DR: It works, but it is very limited due to heavy sandboxing: you can only read and copy files to your sandbox folder or consume some CPU power. If you have a way to escape the sandbox then go for it, or it could be used as part of a multi-part malware. | theevilbit.github.io
I was always amazed by @Hexacorn’s Beyond good ol’ Run key blog post series, which collects various persistence methods on Windows. It’s an awesome series, which has 133 parts at the time of this writing. I find them pretty cool, and if you are doing either offensive or defensive work on Windows, this is a must-read and follow blog. In the past years, as my interest in macOS grew, and now that I’m mostly doing only macOS-related research and studies, I started to come across many - many... | theevilbit blog