- YEARS RUNONLY APPLESCRIPTS TO AVOID DETECTION CODE
- YEARS RUNONLY APPLESCRIPTS TO AVOID DETECTION WINDOWS
Until recently, the only 3rd party alternative to Script Editor was priced at $200 and had a time-limited, 20-day demo period.
YEARS RUNONLY APPLESCRIPTS TO AVOID DETECTION CODE
There’s no debugger, there’s no variable introspection, there’s no code snippets or effective code completion, to name just a few missing features.
Source: AppleScript Overview, © 2002, 2007 Apple Inc.Īnd it’s historically been difficult to develop scripts with AppleScript because most people who come to it will attempt to use the free, built-in but notoriously spartan (Apple)Script Editor.app, which lacks almost every and any feature developers normally expect and need. Set theFiles to name of every file of folder "bin" of folder "usr" of startup diskĪppleScript is also slow in execution because, among other things, the underlying technology involves constructing and sending Apple Events through an archaic interface called the Apple Event Manager that was written for Apple’s System 7 operating system (released in 1991) and not optimized for performance even back then. The AppleScript version, however, is something of an entirely different nature. Path, dirs, files = next(os.walk("/usr/bin")) Python is a little more verbose, but still fairly clean and familiar: #!/usr/bin/python As ever, a shell script will always be the most concise: ls -l /usr/bin | wc -l Compare the code for the simple task of counting the number of items in /usr/bin directory. It’s quirky because it attempts to use “natural language” but in a grammar that is entirely artificial, often inconsistent and frustratingly unintuitive.
YEARS RUNONLY APPLESCRIPTS TO AVOID DETECTION WINDOWS
Unlike Bash and other shell languages, and unlike Python, a cross-platform, beginner-friendly scripting language that has achieved widespread adoption and praise, AppleScript is a language peculiar to macOS not only can you NOT use it on other Desktop operating systems like Windows and Linux, you can’t even use it on Apple’s other operating systems like iOS and iPadOS.Īs a language, AppleScript has a reputation for being quirky, slow and difficult to develop even simple scripts with. Why Have the Good Guys Ignored AppleScript? Worryingly, given the lack of attention paid to AppleScript in the research community, that is all without even leveraging some of AppleScript’s most powerful or unique features, some of which we’ll cover below (others I’ve written about before here). This includes its use in adware, its use for tasks such as persistence, anti-analysis, browser hijacking, spoofing and more.
There is much less attention in the security field on AppleScript – a built-in macOS technology – despite the fact it’s been around for as long as Python and predates macOS 10 itself by 8 or 9 years.Īs I’ll show in this post, AppleScript is widely used by offensive actors. When we think about security on macOS and the tools used by offensive actors, whether those are real in the wild attacks or red team exercises, we tend to think of things like python scripts, shell scripts, malicious documents, shady extensions and of course, the fake, doctored or trojan application bundle.
0 kommentar(er)
