📄️ Introduction
Discovery consists of different techniques an attacker may use to gain knowledge about the host system. This is an important step that allows them to tailor their attacks against the host to achieve a higher success rate of exploitation. Additionally, once access to the host is gained, native operating system tools can be used on it. Essentially, this should be thought of in two ways: pre-compromise discovery and post-compromise discovery.
📄️ External Network Services
Some of the common TCP ports that may be open on a macOS system from the Sharing section in System Preferences:
📄️ On-Device Discovery
System Information
📄️ User & Group Enumeration
TLDR: Get your user in the admin group (GID 20) if possible. If not possible, attempt to gain sudo access.
📄️ File and Directory Discovery
Understanding the Filesystem Structure