Pwning in the Sandbox: OSX Macro Exploitation & Beyond

While performing red team engagements against a hybrid OSX/Windows environment, we were challenged with creating successful maldocs targeting OSX systems with the up-to-date Microsoft Office suite, which is protected by the OSX sandbox. After jumping through many hurdles, both with VBA version conflicts and sandbox restrictions, we successfully created our payload along with a post-exploitation process to gather and exfiltrate data from within the sandbox. Adam will share his experience working with Apple security experts to block these attacks and put protections in place within a corporate environment. This is a perfect love story of purple teaming, which resulted in a more secure environment. Also, the mitigation we will be sharing for these attacks has not been publicly released by anyone, including Apple, at this point in time.

Presented by