MacOS has a flaw that revolves around the OS's 'Automator' tool. This tool coupled with either social engineering strategies or a strong online deployment platform can easily give an attacker a shell on the user's machine. This attack is easy to facilitate, but difficult to mitigate. I'll cover deploying the 'bad application' through both social engineering, and through online distribution. With both of these sides I'll discuss how Systems Administrators and Security Engineers alike can mitigate the threat.

I'm a Mac / Windows systems administrator, cyber security enthusiast, and GIF-tweeter. I love challenges, and that's why I've spent so long working on making a relatively simple exploit into a difficult to mitigate issue. Also, I love corgis.

Back to Bsides Cleveland 2017 video list