networksetup #

Created by Jason Trost (@jason_trost)

Description ##

networksetup extensive tool for reading and setting various network configuration details useful for Discovery and Command and Control.

Paths ##

• /usr/sbin/networksetup

Use Cases ##

network device enumeration ##

Use networksetup to display services with corresponding port and device in order they are tried for connecting to a network.

networksetup -listnetworkserviceorder

Detect connected network hardware ##

Use networksetup to detect new network hardware and create a default network service on the hardware.

networksetup -detectnewhardware

network device enumeration ##

Use networksetup to list all network interfaces, providing name, device name, MAC address.

networksetup -listallhardwareports

network device enumeration ##

Use networksetup to list all network interface names.

networksetup -listallnetworkservices

DNS server enumeration ##

Use networksetup to get configured DNS servers for a specific interface.

networksetup -getdnsservers Wi-Fi

Enumerate configured web proxy URL for an interface ##

Displays web proxy auto-configuration information for the specified interface.

networksetup -getautoproxyurl "Thunderbolt Ethernet"

Enumerate configured web proxy for an interface ##

Displays standard web proxy information for the specified interface.

networksetup -getwebproxy "Wi-Fi"

Set the https web proxy for an interface ##

Use networksetup to set the https web proxy for an interface.

networksetup -setsecurewebproxy "Wi-Fi" 46.226.108.171

Set the http web proxy for an interface ##

Use networksetup to set the http web proxy for an interface.

networksetup -setwebproxy "Wi-Fi" 46.226.108.171

Set auto proxy URL for an interface ##

Use networksetup to set the proxy URL for an interface.

networksetup -setautoproxyurl "Wi-Fi" $autoProxyURL

Enable auto proxy state ##

Use networksetup to enable the proxy auto-config

networksetup -setautoproxystate "Wi-Fi" on

Detections ##

• No detections at time of publishing

Resources ##

• Threat Hunting the macOS edition Megan Carney (Report)

• GrrCon 2018: Threat Hunting the macOS edition Megan Carney

• Mac Malware of 2017 - a comprehensive analysis of the new mac malware of 17

• Ay MaMi - Analyzing a New macOS DNS Hijacker: OSX/MaMi

• Analyzing OSX.DazzleSpy - A fully-featured cyber-espionage macOS implant

• The Mac Malware of 2018 - a comprehensive analysis of the new mac malware of - 18

• From The DPRK With Love - analyzing a recent north korean macOS backdoor