I was approached by Fusion to be part of their ‘Real Future’ documentary – specifically, and I quote, to ‘see how badly I could fuck his life up, while having control of his laptop’. They wanted me to approach this scenario from how a typical attacker would see it. This journalist was San Francisco Bay Area based, so that meant he was using a Mac, an iPhone, and his office was using Google Apps and likely 2-factor authentication for everything. No Windows, no PowerShell, no ms08_067, no NetBIOS, no backdoored MS Office documents – how was I supposed to get in? Well, I did get in, but then I was faced with another problem – Metasploit doesn’t work so well when attacking OS X. And outside of that, there really aren’t ANY tools (at least public ones) that are built for attacking OS X. I had to build a toolkit for myself ON THE VICTIM’S MACHINE, LIVE during the engagement. And I’m going to tell you all how I did that, what I did, what worked and what didn’t work. The one thing I can say is now I understand why the NSA does surveillance the way they do. You learn 10x more from watching someone via screenshots than you will from any shell, hands down, every time.