Building a macOS Red Team playground
12-09, 13:00–17:00 (Europe/London), Workshop Room 1

With an increasing number of companies, like start-ups and fintech firms, transitioning to macOS environments, the demand for macOS red team expertise is increasing. Setting up a comprehensive and effective macOS lab environment is a critical foundation for both offensive and defensive cybersecurity professionals. We all know how important this is, either to test payloads or create new one for the next gig.

However, the unique nature of macOS can pose challenges while simulating an environment, for those familiar with other platforms. This workshop aims to provide a guide for attendees to setup up a organisation like macOS playground (lab environment) along with AD integration to replicated organisational setup, for red teamer to get started.

In this hands-on workshop, participants will cover the following areas:

  • Foundation & Infrastructure - Familiarise themselves with hardware and virtualisation options compatible with macOS. We'll highlight the essentials for creating a controlled and isolated lab.

  • macOS Installation & Configuration - Going through the specifics of setting a virtual macOS machine along with different macOS versions, understanding the nuances of installation and configuration tailored for red team exercises.

  • Setting up AD (or equivalent) - Next dive into the intricacies of building a network of remotely managed mac devices using JAMF. Attendees will learn how to integrate and configure these platforms, simulating real-world enterprise settings and paving the way for sophisticated attack simulations.

  • Tool Integration - Understand the must-have tools and utilities for macOS red teaming. From exploitation frameworks to post-exploitation utilities, participants will integrate and optimize essential tools within the macOS ecosystem.

  • Practical Simulations - Following the lab setup, attendees will engage in exercises that mirror real-world red team operations on macOS specifically targeting initial access via payload based phishing.

Upon completing this workshop, attendees will possess the knowledge and expertise required to deploy their macOS red team lab, providing them with a platform to get started with macOS red teaming.

Workshop requirements:
- A laptop: macOS is ideal but not necessary,
- An AWS account with some credits - also not necessary, if you don't have/want to use one, you can sit and enjoy the part of the workshop that involves AWS.

Dhruv is an experienced cybersecurity professional with a key interest in leading & delivering Adversarial Attack (Red/Purple Team) simulations. He formerly established & served as the Head of the Red Team at Resillion and is about to start as the Head of Adversarial Simulations for a UK Bank.

Over the last few years, Dhruv’s core focus has been on developing the red team capability at Resillion, while focusing on testing less common environments such as MacOS. He has successfully delivered advanced attack simulations across a range of sectors including finance, healthcare, legal, and retail. Dhruv possesses extensive experience in executing projects under the UK CBEST/TBEST schemes. Dhruv’s role encompasses a wide array of responsibilities such as recruitment, training, overseeing sales/finances, as well as enhancing technical methodologies and processes.

This speaker also appears in:

Jack McBride is a senior red teamer at Resillion, a global cyber security services provider. In his role, Jack has managed and delivered a multitude of red and purple team engagements in seasoned Windows environments spanning multiple industry sectors, including finance, defence and government. Seeking a new challenge, he has recently made the jump into researching and breaking into macOS-based environments. In addition to being an Offensive Security MacOS Researcher (OSMR), Jack also holds the OSEP, OSWE and OSCP.