Wednesday, 8 April 2026

Black Hat USA 2025 | Leveraging Jamf for Red Teaming in Enterprise Environments

During the preceding year, SpecterOps has had a surprising amount of success leveraging Jamf APIs to laterally move and execute code on managed macOS systems in mature Fortune 500 client environments with multiple name-brand security products in use. Much of this is due to a lack of awareness among defenders regarding the impacts a compromised Jamf account can have on their organization.

Come learn the details of Jamf exploitation techniques available to threat actors and employed by SpecterOps during the preceding year, performing red team assessments of Fortune 500 client organizations to execute reconnaissance and lateral movement undetected. SpecterOps will share the processes they employ upon gaining access to Jamf administrators or service accounts to leverage APIs to accomplish objectives targeting macOS while evading detections in mature environments.

Demonstrations will be included of newly available open-source tooling introduced to automate the attack paths described. The presentation will end with recommendations to prevent and detect the actions performed for onsite or cloud hosted Jamf tenants.

By:
Lance Cain | Service Architect - Consulting Services, SpecterOps, Inc.
Daniel Mayer | Consultant - Adversary Simulation, SpecterOps, Inc.

Presentation Materials Available at: https://ift.tt/nGwZoVp

source https://www.youtube.com/watch?v=IDFeNbz2lI4
