Introduction

Discovery consists of different techniques an attacker may use to gain knowledge about the host system. This is an important step which allows them to tailor their attacks against the host to achieve a higher success rate of exploitation. Additionally, once access to the host is made, native operating system tools can be used on the host. Essentially, this should be thought of in two ways; pre-compromise discovery, and post-compromise discovery.

Since macOS is primarily an endpoint computer, we will go from the assumption that we have a standard user account on a Corporate controlled macOS system.

We will break Discovery out into two categories; External Network Services, and On-Device!