In this case, we have not seen the actor use any of the more powerful features of AppleScript … but that is an attack vector that remains wide open and which many defensive tools are not equipped to handle. In the event that other threat actors begin picking up on the utility of … run-only AppleScripts, we hope this research and the tools discussed above will prove to be of use to analysts. Īut this Anonymous Coward thinks Phil is hyping it up a bit: applescript-disassembler has been around for at least four years and it's just one "run only AppleScript" disassembler.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |