Skip Main Navigation
Eventbrite
Browse Events
Organize
Help
Log InSign Up
Menu
Page Content
This event has ended.
Adversary Tactics - Mac Tradecraft Training Course - SO-CON 2021 (GMT-7)

Actions Panel

Nov 01

Adversary Tactics - Mac Tradecraft Training Course - SO-CON 2021 (GMT-7)

Online Event - This course will take place online, using virtual software to stream live instructors during the scheduled delivery hours.

By SpecterOps

When and where

Date and time

Mon, Nov 1, 2021, 8:00 AM – Tue, Nov 2, 2021, 4:00 PM PDT

Location

Online

Refund Policy

Refunds up to 7 days before event
Eventbrite's fee is nonrefundable.

About this event

Online Event

This course will take place online, using virtual software to stream live instructors during the scheduled delivery hours of 8:00AM to 4:00PM PDT (UTC -7) / 11:00AM to 7:00PM EDT (UTC-4). Confirmed attendees will receive logistics information one week prior to the event.

-----------------------------------------------------------------------------

Red team operators enjoyed robust community and commercial tooling to simulate advanced adversary tradecraft in traditional enterprise environments. As organizations have increasingly moved to hybrid, or non-Windows, environments our red team community knowledge has not kept pace. This course focuses on bridging that gap, highlighting the latest macOS security enhancements, and arming red teamers with the foundational knowledge to operate against macOS endpoints. The objective is to deep dive into the concepts behind techniques to enable operational flexibility and prepare for future macOS enhancements, rather than simply training with specific available tooling.

Course Summary

While Windows is the main operating system in many enterprise environments, more companies are taking a hybrid approach to allow employees a choice of Mac or Windows, or forgoing Windows environments entirely. Regardless of the base operating system, the core tactics and tenant of adversary capability is the same - given enough time and resources, adversaries will find a way to achieve their objectives. Apple's approach to addressing the adversary problem is to force all non-Apple execution to user land and introduce new security enhancements for each version of macOS that bring the macOS and iOS operating systems closer together. When it comes to emulating tactics, techniques, and procedures (TTPs) on macOS, more time and emphasis must be placed on subverting Apple's custom controls such as Gatekeeper, Application Notarization, Entitlements, TCC, and the System Integrity Protection rather than bypassing EDR products.

The Adversary Tactics: Mac Tradecraft course drops you into a modern macOS hybrid environment which mimics what SpecterOps operators encounter in real world red team exercises. Students will focus on macOS payloads for initial access, crafting custom techniques on the fly via JXA and Objective C, identifying persistence and privilege escalation opportunities, stealing credentials, and avoiding common EDR detections via XPC services and native APIs. The course aims to teach students about the consequences of their actions and the details behind their techniques rather than just how to run common tooling.

Course Syllabus

Day 1:

  • Introduction & Course Overview
  • Lab and course range infrastructure
  • macOS Introduction
  • macOS Security
  • C2 Frameworks & Mythic Overview
  • JavaScript for Automation
  • Initial Access & Payload Development
  • Situational Awareness

Day 2:

  • Active Directory & Kerberos
  • Persistence
  • Entitlements, TCC, & System Integrity Protection
  • Privilege Escalation
  • Credential Access
  • Evasion

Student Requirements

This course is not for beginners and includes a team-based, on-keyboard execution of complex red team tradecraft against macOS endpoints. Participants should be comfortable with penetration testing concepts and tools, Active Directory, and macOS internals.

Hardware Requirements

  • Internet Connection
  • 8GBs of RAM
  • Modern Web Browser capable of rendering HTML5

Accommodations

Training will be taking place virtually.

FAQs

How can I contact the organizer with any questions?

Please email info@specterops.io with any questions.  

What's the refund policy?

Full refunds will be provided up to 7 days before the course start date.

Tags

  • Online Events
  • Online Classes
  • Online Science & Tech Classes
Event ended

Adversary Tactics - Mac Tradecraft Training Course - SO-CON 2021 (GMT-7)


Follow this organizer to stay informed on future events

SpecterOps

Event creator

Events you might like

  • Social Media Marketing Tactics

    Social Media Marketing Tactics
    Social Media Marketing Tactics

    Thu, Feb 2, 2023 10:00 AM PST (-08:00)
    Free
  • Team Leader Tactics - Leadership Workshop

    Team Leader Tactics - Leadership Workshop
    Team Leader Tactics - Leadership Workshop

    Thu, Feb 9, 2023 9:00 AM EST (-05:00)
    CA$35
  • Black Restaurant Accelerator Program - S1: Growth Tactics in Food Service

    Black Restaurant Accelerator Program - S1: Growth Tactics in Food Service
    Black Restaurant Accelerator Program - S1: Growth Tactics in Food Service

    Mon, Jan 30, 2023 12:30 PM CST (-06:00)
    Free
  • Fraud and Crypto Asset Investments; Criminal Tactics, Recovery Options?

    Fraud and Crypto Asset Investments; Criminal Tactics, Recovery Options?
    Fraud and Crypto Asset Investments; Criminal Tactics, Recovery Options?

    Wed, Feb 8, 2023 3:00 PM GMT (+00:00)
    Free
  • Boost Your Vehicle Service Contract Sales without High Pressure Tactics!

    Boost Your Vehicle Service Contract Sales without High Pressure Tactics!
    Boost Your Vehicle Service Contract Sales without High Pressure Tactics!

    Tue, Feb 7, 2023 1:00 PM EST (-05:00)
    $39
  • Tactical Telephone Sales

    Tactical Telephone Sales
    Tactical Telephone Sales

    Wed, Feb 8, 2023 10:00 AM GMT (+00:00)
    £377.89
  • [LIVE / ONLINE ] Amazon Advertising (PPC) and SEO Training Course

    [LIVE / ONLINE ] Amazon Advertising (PPC) and SEO Training Course
    [LIVE / ONLINE ] Amazon Advertising (PPC) and SEO Training Course

    Wed, Feb 1, 2023 9:00 AM GMT (+00:00)
    £240
  • WYS - Understanding Adverse Childhood Experiences (ACEs)

    WYS - Understanding Adverse Childhood Experiences (ACEs)
    WYS - Understanding Adverse Childhood Experiences (ACEs)

    Wed, Feb 1, 2023 11:00 AM PST (-08:00)
    Free
  • Adverse Childhood Experiences w/ Dr. Keely

    Adverse Childhood Experiences w/ Dr. Keely
    Adverse Childhood Experiences w/ Dr. Keely

    Thu, Feb 2, 2023 7:00 PM CST (-06:00)
    Free
  • Trauma Informed Working and Adverse Childhood Experiences: Basic Awareness.

    Trauma Informed Working and Adverse Childhood Experiences: Basic Awareness.
    Trauma Informed Working and Adverse Childhood Experiences: Basic Awareness.

    Wed, Feb 1, 2023 10:00 AM GMT (+00:00)
    Free

Site Navigation

Use Eventbrite

  • How it Works
  • Pricing
  • Eventbrite Boost
  • Eventbrite Mobile Ticket App
  • Eventbrite Check-In App
  • Eventbrite App Marketplace
  • Event Registration Software
  • Content Standards
  • FAQs
  • Sitemap

Plan events

  • Sell Tickets Online
  • Event Planning
  • Sell Concert Tickets Online
  • Event Payment System
  • Solutions for Professional Services
  • Event Management Software
  • Community Engagement
  • Virtual Events Platform
  • QR Codes for Event Check-In
  • Post your event online

Find events

  • Browse Online Events
  • Get the Eventbrite App

Connect with us

  • Report This Event
  • Help Center
  • Terms
  • Privacy
  • CA Privacy Notice
  • Accessibility
  • Community Guidelines
Eventbrite + Ticketfly

© 2023 Eventbrite