BSides Berlin: Inside Mythic: Dissecting a Modern Attack Framework
Abstract
Your mission, if you choose to accept it: take on the role of a detection engineer and dissect Mythic, the most popular attack framework used against macOS.
Mythic has various agents that can be easily integrated into the framework. In this talk, we will show common features of these agents, including how their C2 communication works, how persistence can be set up, and how additional code can be executed.
Our goal is to develop robust strategies for detecting these agents and to identify the additional traces that running them leaves on an infected system.
For red teamers, we will discuss the OPSEC considerations that need to be taken into account when using specific commands, so as to avoid immediate detection by an EDR.

YouTube Video
Not recorded.