Whitelisting MAC - Mandatory Access Control
SETUP
Custom Keyboard Layouts - (Or non-default) - Github
HARDENING & SECURITY
DNS Servers
Privacy: Set DNS Servers
sudo networksetup -setdnsservers Wi-Fi <DNS Server IP>
Keychain
# List Keychains (Database && application)
security list-keychains
# Add private key to the keychain:
security import my_key.pem -k $HOME/Library/Keychains/login.keychain-db # This path varies, check with list-keychains
1 key imported. # Output if successful
Hardening Guidance
General NCSC Guidance
MacOS Internals:
- Enable Firewall and FileVault (hard disk encryption)
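A way to confirm that the DNS, Firewall and FileVault settings above are actually in effect. This is an added example, not part of the original notes: the function names are hypothetical, the matched strings assume the usual status output of `fdesetup`, `socketfilterfw` and `networksetup`, and `192.0.2.53` is a placeholder resolver address.

```shell
#!/bin/sh
# Added example: verify the settings above from each tool's status output.
# Checks take the output as an argument so they can be exercised offline.

# `fdesetup status` reports "FileVault is On." when disk encryption is active.
check_filevault() {
    case "$1" in *"FileVault is On."*) return 0 ;; *) return 1 ;; esac
}

# `socketfilterfw --getglobalstate` reports "Firewall is enabled. (State = 1)".
check_firewall() {
    case "$1" in *"Firewall is enabled"*) return 0 ;; *) return 1 ;; esac
}

# $1: output of `networksetup -getdnsservers <service>` (one server per line)
# $2: space-separated allow-list. Fails on an empty list or any other server,
# including the "There aren't any DNS Servers set" message (DHCP-provided DNS).
check_dns() {
    actual=$1; allowed=$2
    [ -n "$actual" ] || return 1
    for server in $actual; do
        case " $allowed " in *" $server "*) ;; *) return 1 ;; esac
    done
    return 0
}

# Prints one PASS/FAIL line per control; returns non-zero if any control fails.
audit_report() {
    failures=0
    check_filevault "$1" && echo "PASS FileVault" || { echo "FAIL FileVault"; failures=1; }
    check_firewall "$2" && echo "PASS Firewall" || { echo "FAIL Firewall"; failures=1; }
    check_dns "$3" "$4" && echo "PASS DNS" || { echo "FAIL DNS: $3"; failures=1; }
    return "$failures"
}

# Live run on macOS only; ALLOWED_DNS defaults to a placeholder address.
if [ "$(uname)" = "Darwin" ]; then
    audit_report "$(fdesetup status)" \
        "$(/usr/libexec/ApplicationFirewall/socketfilterfw --getglobalstate)" \
        "$(networksetup -getdnsservers Wi-Fi)" \
        "${ALLOWED_DNS:-192.0.2.53}" || true
fi
```

Set `ALLOWED_DNS` to the resolvers you configured with `-setdnsservers` before running it.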
Firmware Password
Poweruser utilities (Security)
Useful poweruser utilities:
Encrypt USB Drive (Monterey)
Add specific folder encryption
- Using a new USB drive, select Disk Utility, View → Show All Devices (Without this we can’t change the USB’s file system to APFS)
- Select the root folder, erase and set it to APFS & GUID Partition map:
- Right-click on the drive, select “Encrypt”:
- (It will prompt for the password every time it is inserted into the MacBook)
OFFENSIVE
Chainbreaker can be used to extract the following types of information from an OSX keychain in a forensically sound manner:
- Hashed Keychain password, suitable for cracking with hashcat or John the Ripper
- Internet Passwords
- Generic Passwords
- Private Keys
- Public Keys
- X509 Certificates
- Secure Notes
- Appleshare Passwords