GitBook: [master] 8 pages modified

SUMMARY.md

@@ -58,10 +58,10 @@
 * [MacOS Security & Privilege Escalation](macos/macos-security-and-privilege-escalation/README.md)
   * [Mac OS Architecture](macos/macos-security-and-privilege-escalation/mac-os-architecture.md)
   * [MacOS MDM](macos/macos-security-and-privilege-escalation/macos-mdm.md)
+  * [MacOS Protocols](macos/macos-security-and-privilege-escalation/macos-protocols.md)
   * [MacOS Red Teaming](macos/macos-security-and-privilege-escalation/macos-red-teaming.md)
-  * [Mac OS Protocols](macos/macos-security-and-privilege-escalation/mac-os-protocols.md)
-  * [Inspecting, debugging and Fuzzing Mac OS Software](macos/macos-security-and-privilege-escalation/inspecting-and-debugging-mac-os-apps.md)
-  * [Mac OS Serial Number](macos/macos-security-and-privilege-escalation/macos-serial-number.md)
+  * [MacOS Serial Number](macos/macos-security-and-privilege-escalation/macos-serial-number.md)
+  * [MacOS Apps - Inspecting, debugging and Fuzzing](macos/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing.md)
 
 ## Windows
 

macos/macos-security-and-privilege-escalation/README.md

@@ -145,7 +145,11 @@ You can enable/disable these services in "System Preferences" --> Sharing
 
 ### MacOS Protocols
 
-{% page-ref page="mac-os-protocols.md" %}
+{% page-ref page="macos-protocols.md" %}
+
+### MacOS - Inspecting, Debugging and Fuzzing
+
+{% page-ref page="macos-apps-inspecting-debugging-and-fuzzing.md" %}
 
 ## MacOS Security Mechanisms
 
@@ -890,7 +894,13 @@ and tin this case the content cannot be decompiled even with `osadecompile`
 
 However, there are still some tools that can be used to understand this kind of executables, [**read this research for more info**](https://labs.sentinelone.com/fade-dead-adventures-in-reversing-malicious-run-only-applescripts/)\). The tool [**applescript-disassembler**](https://github.com/Jinmo/applescript-disassembler) with [**aevt\_decompile**](https://github.com/SentineLabs/aevt_decompile) will be very useful to understand how the script works.
 
-## MacOS Automatic Enumeration
+## MacOS Red Teaming
+
+Red Teaming in **environments where MacOS** is used instead of Windows can be very **different**. In this guide you will find some interesting tricks for this kind of assessments:
+
+{% page-ref page="macos-red-teaming.md" %}
+
+## MacOS Automatic Enumeration Tools
 
 * **MacPEAS**: [https://github.com/carlospolop/PEASS-ng/tree/master/linPEAS](https://github.com/carlospolop/PEASS-ng/tree/master/linPEAS)
 * **Metasploit**: [https://github.com/rapid7/metasploit-framework/blob/master/modules/post/osx/gather/enum\_osx.rb](https://github.com/rapid7/metasploit-framework/blob/master/modules/post/osx/gather/enum_osx.rb)

macos/macos-security-and-privilege-escalation/macos-apps-inspecting-debugging-and-fuzzing.md

@@ -1,4 +1,4 @@
-# Inspecting, debugging and Fuzzing Mac OS Software
+# MacOS Apps - Inspecting, debugging and Fuzzing
 
 ## Static Analysis
 

macos/macos-security-and-privilege-escalation/macos-protocols.md

@@ -1,4 +1,4 @@
-# Mac OS Protocols
+# MacOS Protocols
 
 ## Bonjour
 

macos/macos-security-and-privilege-escalation/macos-red-teaming.md

@@ -7,6 +7,14 @@
 
 If you manage to **compromise admin credentials** to access the management platform, you can **potentially compromise all the computers** by distributing your malware in the machines.
 
+For red teaming in MacOS environments it's highly recommended to have some understanding of how the MDMs work:
+
+{% page-ref page="macos-mdm.md" %}
+
+And also about **MacOS** "special" **network** **protocols**:
+
+{% page-ref page="macos-protocols.md" %}
+
 ## Active Directory
 
 In some occasions you will find that the **MacOS computer is connected to an AD**. In this scenario you should try to **enumerate** the active directory as you are use to it. Find some **help** in the following pages:

macos/macos-security-and-privilege-escalation/macos-serial-number.md

@@ -1,4 +1,4 @@
-# Mac OS Serial Number
+# MacOS Serial Number
 
 Apple devices manufactured after 2010 generally have **12-character alphanumeric** serial numbers, with the **first three digits representing the manufacturing location**, the following **two** indicating the **year** and **week** of manufacture, the next **three** digits providing a **unique** **identifier**, and the **last** **four** digits representing the **model number**.