GITBOOK-3959: change request with no subject merged in GitBook
This commit is contained in:
CPol
gitbook-bot
parent
2d9f506e60
commit
dacd10af82
Binary file not shown.
|
After Width: | Height: | Size: 7.8 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 7.8 KiB After Width: | Height: | Size: 436 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 436 KiB After Width: | Height: | Size: 24 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 24 KiB After Width: | Height: | Size: 18 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 18 KiB After Width: | Height: | Size: 199 KiB |
|
|
@ -109,7 +109,7 @@ In addition to the above WebSec is also a **committed supporter of HackTricks.**
|
|||
|
||||
### [HACK THE BOX](https://www.hackthebox.com/)
|
||||
|
||||
<figure><img src=".gitbook/assets/image (2).png" alt=""><figcaption></figcaption></figure>
|
||||
<figure><img src=".gitbook/assets/image (2) (2).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
Hack The Box is an online platform designed to facilitate **learning and advancement in the field of cybersecurity**. Providing an array of real-life scenarios in a safe and controlled environment, Hack The Box allows users to test and grow their skills in penetration testing and ethical hacking.
|
||||
|
||||
|
|
|
|||
|
|
@ -152,6 +152,7 @@
|
|||
* [Enrolling Devices in Other Organisations](macos-hardening/macos-security-and-privilege-escalation/macos-mdm/enrolling-devices-in-other-organisations.md)
|
||||
* [macOS Basic Objective-C](macos-hardening/macos-security-and-privilege-escalation/macos-basic-objective-c.md)
|
||||
* [macOS Network Protocols](macos-hardening/macos-security-and-privilege-escalation/macos-protocols.md)
|
||||
* [macOS Kernel Extensions](macos-hardening/macos-security-and-privilege-escalation/macos-kernel-extensions.md)
|
||||
* [macOS Red Teaming](macos-hardening/macos-security-and-privilege-escalation/macos-red-teaming.md)
|
||||
* [macOS Serial Number](macos-hardening/macos-security-and-privilege-escalation/macos-serial-number.md)
|
||||
* [macOS TCC](macos-hardening/macos-security-and-privilege-escalation/macos-tcc.md)
|
||||
|
|
|
|||
|
|
@ -176,7 +176,7 @@ In the header first you find the **segment header**:
|
|||
|
||||
Example of segment header:
|
||||
|
||||
<figure><img src="../../../.gitbook/assets/image (2) (2) (1).png" alt=""><figcaption></figcaption></figure>
|
||||
<figure><img src="../../../.gitbook/assets/image (2) (2) (1) (1).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
This header defines the **number of sections whose headers appear after** it:
|
||||
|
||||
|
|
|
|||
|
|
@ -0,0 +1,60 @@
|
|||
# macOS Kernel Extensions
|
||||
|
||||
<details>
|
||||
|
||||
<summary><a href="https://cloud.hacktricks.xyz/pentesting-cloud/pentesting-cloud-methodology"><strong>☁️ HackTricks Cloud ☁️</strong></a> -<a href="https://twitter.com/hacktricks_live"><strong>🐦 Twitter 🐦</strong></a> - <a href="https://www.twitch.tv/hacktricks_live/schedule"><strong>🎙️ Twitch 🎙️</strong></a> - <a href="https://www.youtube.com/@hacktricks_LIVE"><strong>🎥 Youtube 🎥</strong></a></summary>
|
||||
|
||||
* Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
|
||||
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
|
||||
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
|
||||
* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
|
||||
* **Share your hacking tricks by submitting PRs to the** [**hacktricks repo**](https://github.com/carlospolop/hacktricks) **and** [**hacktricks-cloud repo**](https://github.com/carlospolop/hacktricks-cloud).
|
||||
|
||||
</details>
|
||||
|
||||
## Basic Information
|
||||
|
||||
Kernel extensions (Kexts) are **bundles** using **`.kext` extension** that are **loaded directly into the kernel space** of macOS, providing additional functionality to the core operating system.
|
||||
|
||||
### Requirements
|
||||
|
||||
Obviously, this is so powerful, it's complicated to load a kernel extension. These are the requirements of a kernel extension to be loaded:
|
||||
|
||||
* Going into **recovery mode** Kexts need to be **allowed to be loaded**:
|
||||
|
||||
<figure><img src="../../.gitbook/assets/image (2).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
* The Kext must be **signed with a kernel code signing certificate**, which can only be granted by **Apple**. Who will be **reviewing** in detail the **company** and the **reasons** why this is needed.
|
||||
* The Kext also needs to be **notarized**, Apple will be able to check it for malware.
|
||||
* Then, the **root user** is the one that can load the Kext and the files inside the bundle must belong to root.
|
||||
* Finally, once trying to load it, the [**user will be prompted for confirmation**](https://developer.apple.com/library/archive/technotes/tn2459/\_index.html) and if accepted, the computer must **reboot** to load it.
|
||||
|
||||
### Loading Process
|
||||
|
||||
Back in Catalina it was like this: It's interesting to note that the **verification** process occurs on **userland**. However, only applications with the entitlement **`com.apple.private.security.kext-management`** can **ask the kernel** to **load an extension:** kextcache, kextload, kextutil, kextd, syspolicyd
|
||||
|
||||
1. **`kextutil`** cli **starts** the verification process to load an extension
|
||||
* It'll talk to **`kextd`** sending using a Mach service
|
||||
2. **`kextd`** will check several things, such as the signature
|
||||
* It'll talk to **`syspolicyd`** to check if the extension can be loaded
|
||||
3. **`syspolicyd`** **asks** the **user** if the extension hasn't be loaded previously
|
||||
* **`syspolicyd`** will indicate the result to **`kextd`**
|
||||
4. **`kextd`** will finally be able to indicate the **kernel to load the extension**
|
||||
|
||||
If kextd is not available, kextutil can perform the same checks.
|
||||
|
||||
## References
|
||||
|
||||
* [https://www.makeuseof.com/how-to-enable-third-party-kernel-extensions-apple-silicon-mac/](https://www.makeuseof.com/how-to-enable-third-party-kernel-extensions-apple-silicon-mac/)
|
||||
|
||||
<details>
|
||||
|
||||
<summary><a href="https://cloud.hacktricks.xyz/pentesting-cloud/pentesting-cloud-methodology"><strong>☁️ HackTricks Cloud ☁️</strong></a> -<a href="https://twitter.com/hacktricks_live"><strong>🐦 Twitter 🐦</strong></a> - <a href="https://www.twitch.tv/hacktricks_live/schedule"><strong>🎙️ Twitch 🎙️</strong></a> - <a href="https://www.youtube.com/@hacktricks_LIVE"><strong>🎥 Youtube 🎥</strong></a></summary>
|
||||
|
||||
* Do you work in a **cybersecurity company**? Do you want to see your **company advertised in HackTricks**? or do you want to have access to the **latest version of the PEASS or download HackTricks in PDF**? Check the [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
|
||||
* Discover [**The PEASS Family**](https://opensea.io/collection/the-peass-family), our collection of exclusive [**NFTs**](https://opensea.io/collection/the-peass-family)
|
||||
* Get the [**official PEASS & HackTricks swag**](https://peass.creator-spring.com)
|
||||
* **Join the** [**💬**](https://emojipedia.org/speech-balloon/) [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** me on **Twitter** [**🐦**](https://github.com/carlospolop/hacktricks/tree/7af18b62b3bdc423e11444677a6a73d4043511e9/\[https:/emojipedia.org/bird/README.md)[**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
|
||||
* **Share your hacking tricks by submitting PRs to the** [**hacktricks repo**](https://github.com/carlospolop/hacktricks) **and** [**hacktricks-cloud repo**](https://github.com/carlospolop/hacktricks-cloud).
|
||||
|
||||
</details>
|
||||
|
|
@ -279,7 +279,7 @@ An app with the **`kTCCServiceAppleEvents`** permission will be able to **contro
|
|||
|
||||
For example, if an App has **Automation permission over `iTerm`**, for example in this example **`Terminal`** has access over iTerm:
|
||||
|
||||
<figure><img src="../../.gitbook/assets/image (2) (2).png" alt=""><figcaption></figcaption></figure>
|
||||
<figure><img src="../../.gitbook/assets/image (2) (2) (1).png" alt=""><figcaption></figcaption></figure>
|
||||
|
||||
#### Over iTerm
|
||||
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@
|
|||
|
||||
</details>
|
||||
|
||||
 (2) (1) (1).png>)
|
||||
 (2) (1) (1) (1).png>)
|
||||
|
||||
**Bug bounty tip**: **sign up** for **Intigriti**, a premium **bug bounty platform created by hackers, for hackers**! Join us at [**https://go.intigriti.com/hacktricks**](https://go.intigriti.com/hacktricks) today, and start earning bounties up to **$100,000**!
|
||||
|
||||
|
|
|
|||
|
|
@ -12,7 +12,7 @@
|
|||
|
||||
</details>
|
||||
|
||||
 (2) (1) (1).png>)
|
||||
 (2) (1) (1) (1).png>)
|
||||
|
||||
**Bug bounty tip**: **sign up** for **Intigriti**, a premium **bug bounty platform created by hackers, for hackers**! Join us at [**https://go.intigriti.com/hacktricks**](https://go.intigriti.com/hacktricks) today, and start earning bounties up to **$100,000**!
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue