Category: EmPyre

OS X Office Macros with EmPyre

This post is part of the ‘EmPyre Series’ with some background and an ongoing list of series posts [kept here]. One of the (many) challenges with operating in an OS X heavy environment is initial access. Without a still-working exploit/0day or compromising something like JAMF to deploy OS X agents/commands, you need some way to trigger initial access on target machines. Luckily there’s a way to craft macros for OS X Office 2011 documents that trigger system commands, meaning we can weaponize documents for EmPyre just like its Windows equivalent. Note: we are not claiming that we invented macros on…

Building an EmPyre with Python

The “EmPyre Series”

5/12/16 – Building an EmPyre with Python
5/18/16 – Operating with EmPyre
5/24/16 – The Return Of the EmPyre
5/31/16 – OS X Office Macros with EmPyre

Our team has increasingly started to encounter well-secured environments with a large number of Mac OS X machines. We realized that while we had a fairly expansive Windows toolkit, there were very few public options available for OS X agents, and none that satisfied our particular requirements. Our group is used to operating in heavy Windows environments (hence me not shutting up about offensive PowerShell on this blog) so we felt a bit out of our element,…