Yesterday I posted https://krypted.com/mac-security/script-to-list-extensions-running-on-a-mac/ to scriptify some research on App Extensions and System Extensions. I mentioned that it’s also possible to loop through /Applications or /Applications/Utilities and look for any .systemextension bundles (which includes network extensions as those are .networkextension.systemextension – and ultimately they’re all kinda’ auxiliary kext’s ‘even though’cause kexts are bad – but I digress). So here’s a script that loops through the file hierarchy supplied by $1 and then checks any found against systemextensionsctl to make sure they’re running: https://github.com/krypted/extensionslist/blob/main/systemextensions.sh In action, here are a couple of outputs of what it can look like. Per developer documentation (and with a little experience writing them), the two locations…
-
-
Script to List Extensions Running on a Mac
I wrote an article about extensions on macOS a few weeks ago, and have since written a couple of other extensions. The interesting thing about modern extensions is that different types of extensions can live in different places on a file system, become instantiated in different ways or with different mechanisms, and due to the way message traverse XPC, operate in very different ways. The tools Apple has made available make it possible to see what’s running are primarily geared towards protecting privacy. This leaves a small gap for those interested more in securing machines and preventing exfiltration. There isn’t a single binary that can provide a simple listing of…
-
Query A Jamf Server From Within Slack
This project is a reference implementation to build a Slack interface to Jamf Pro. It could be used for most any REST endpoint though if you wanted to pull the logic for handling the Jamf URI structure. Because I’m still trying to figure out where to hide secrets in slack, it requires an API gateway. I’ll hopefully remove that requirement in a future iteration. If there is a future iteration. It’s really just meant for reference. Add to it, remove from it, mock it, whatevers… <3 Usage Basically you send it a /q followed by an endpoint and it spits out json. Syntax is pretty much as follows: /q As…
-
Jamf After Dark Podcast: Conditionally Accessing All The Things
-
Jamf After Dark Podcast: Jamf CEO Dean Hager Talks About The ZuluDesk Acquisition
-
Obtain A List Of Devices or Apps In ZuluDesk Using Bash
The curl command can be used to authenticate to an API using a variety of authentication types such as Bearer, OAuth, Token, and of course Basic. To authenticate to the ZuluDesk API, first create an API token. This is done by logging into ZuluDesk, clicking Organization, then Settings, then API, an then clicking on the Add API Key button. Once you have your API key, your header will look as follows: GET /users HTTP/1.1 User-Agent: curl/7.24.0 X-Server-Protocol-Version: 2 Authorization: Basic YOURTOKENHERExxx000111222== Content-Length: 0 The curl command can do this would be as follows, simply converting these into separate values in the -H or header. The URL provided will do a…
-
Jamf After Dark: Serverless Means Less Servers
-
Register A Webhook In Jamf Pro
A webhook is a small web trigger that when fired can easily send amount of small json to a web listener. Most modern software solutions support webhooks. They provide an easy way to trigger events from a piece of software to happen in another piece of software. An example of this is when a smart group change happens in Jamf Pro, do something elsewhere. To start, you register a webhook in Jamf Pro by opening an instance of Jamf Pro, clicking on Settings, clicking on Global Management, and then clicking on Webhooks. From the Webhooks screen, click New. At the New Webhook screen, you will see a number of fields.…
-
Jamf After Dark Episode 8: Jumpy McJumpstarts
So this whole JNUC and holiday season thing as well as an episode that didn’t turn out due to audio levels kinda’ set us back a bit. But we’re right back at it. Hope you enjoy episode 8 everyone!
-
Managing Virus Scans With ClamAV
There are a number of solutions on the market for scanning a Mac for files that have become infected with a virus or macro-virus. Many of these have a negative return on investment. So customers can instead go the open source route to scan files and quarantine them. And customers can use Jamf Pro to enable doing so. This page is meant to provide a quick and dirty guide to doing so, along with how this might be packaged and potentially tracked with Jamf Pro. First, we’ll install and configure a free tool called clamav. There are a number of ways to install clam. For this example, just to get…