Taking a look at the code I was sure I was missing something, everything was so concise and clean unlike my previous exploration of VM hypervisors. With Big Sur came a framework which I initially didn’t pay too much attention to until I saw a tweet by unveiling his SimpleVM project. So in this post we will walk through how to spin up a small VM by leveraging the Virtualization framework, look at just how this acts for us as attackers, and hopefully give defenders a point of reference when looking to protect their Apple customers. With the introduction of Big Sur came the Virtualization framework, which alleviated a number of previous limitations, meaning that with a supported framework now provided on macOS 11, it’s a good time to explore this concept. While some real-world attackers have taken this to a clumsy concept (see Ragnar and Maze malware), deploying a full VirtualBox solution with Windows XP or Windows 7 on target isn’t exactly ideal. While this is a nice idea, the issues with creating this type of malware are obvious, with increased complexity, size and compatibility issues limiting what is viable against a target. But more so, I’ve been curious as to just how far traditional AV and EDR can go to detect malicious activity when running from a different virtual environment. The thought of having implant logic self-contained and running under a different OS to the base seems pretty interesting. « Back to home Bring Your Own VM - Mac Editionįor a while I’ve wanted to explore the concept of leveraging a virtual machine on target during an engagement.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |