Cedric Owens · What To Expect When You’re “Expecting” — Purple Team Edition · This blog post describes how “expect” routines can be used to help make Purple Team exercises more efficient and repeatable. In particular… · 12 min read · Aug 4, 2023
Cedric Owens · Taking ESF For A(nother) Spin · 2+ years ago from the date of this blog post I wrote my initial blog post where I started becoming familiar with Apple’s Endpoint Security… · 8 min read · May 25, 2022
Cedric Owens · Give Me Some (macOS) Context… · This blog post will dive into what I like to call “execution contexts” on macOS and why it is important to understand these different… · 6 min read · Feb 26, 2022
Cedric Owens · Querying Spotlight APIs With JXA · TL;DR This blog post takes a brief look at how to use JXA (native JavaScript for Automation on macOS) to query Spotlight APIs. In… · 5 min read · Feb 19, 2022
Cedric Owens · “Spotlighting” Your TCC Access Permissions · Note: This is not a TCC Bypass. Instead this is a technique for checking TCC access permissions · 6 min read · Oct 30, 2021
Cedric Owens · “HELK’ing” Your macOS Red Team Tools For Detections · This post builds on content from 4n7m4n’s prior blog post “Acting Red — Seeing Blue” (link). Specifically, I automated HELK server standup… · 5 min read · Aug 3, 2021
Cedric Owens · Working Around macOS Privacy Controls in Red Team Ops · This blog post will take a look at some simple basics around what macOS privacy controls (Transparency, Consent, and Control a.k.a. TCC)… · 5 min read · Jul 16, 2021
Cedric Owens · Interesting macOS Chrome Browser Files · This blog will take a quick look at Chrome files on macOS that are not protected by TCC and do not require root access to read from. As… · 4 min read · Jul 11, 2021
Cedric Owens · macOS MS Office Sandbox Brain Dump · This blog will take a look at some observations regarding what is still possible from the MS Office Sandbox on macOS. This is a combination… · 4 min read · May 22, 2021
Cedric Owens · CVE-2021-30657 Revisited · This is a quick follow-up to my previous blog where I discussed how I found the bug behind CVE-2021-30657 (link to previous blog, which… · 2 min read · May 3, 2021