gerconcepts.blogg.se

This configures the periodic check-in functionality for a host, and enables Jamf to effectively manage the system. When a device is enrolled in the Jamf environment for the first time, a number of launch agents, binaries and plists are installed. To provide some context, we're going to look briefly at the solution and pick out some key features that we will be attacking later on. At first we thought this was marketing spiel, however, after some research we learned that the platform is used by over 36,000 organisations, including 8 out of the top 10 largest fortune 500 companies and even by Apple themselves! As with many software packages, the security of the solution is dependent on how you configure it. Jamf self-describes as "The Standard for macOS in the Enterprise". If that gets you excited, keep on reading! starting on the internet with no privileges at all. Ultimately, by chaining the techniques discussed, we can obtain administrative control over all Jamf managed macOS (and iOS) devices. The techniques discussed in the post range from information disclosure, persistence, credential discovery and more. In the following sections, we will detail various attacks that we performed against organisations utilising Jamf to manage their macOS estates. We’ve even added in a few extra bits that we weren’t able to fit into the talk too! This post marks the release of the Jamf Attack Toolkit - a series of tools developed to facilitate the various attacks outlined in this post. This blog post is designed to complement the conference talk, and can be used as a reference when performing attacks against organisations utilising Jamf.

The slides for the talk can be found here.