![f secure for mac f secure for mac](https://net-load.com/wp-content/uploads/2015/03/giveaway-f-secure-key-password-manager-free-1year-subscription.png)
To provide some context, we're going to look briefly at the solution and pick out some key features that we will be attacking later on.
![f secure for mac f secure for mac](https://us.v-cdn.net/6032052/uploads/E908IYB9D40P/image.png)
#F secure for mac software
At first we thought this was marketing spiel, however, after some research we learned that the platform is used by over 36,000 organisations, including 8 out of the top 10 largest fortune 500 companies and even by Apple themselves! As with many software packages, the security of the solution is dependent on how you configure it. Jamf self-describes as "The Standard for macOS in the Enterprise". If that gets you excited, keep on reading! starting on the internet with no privileges at all. Ultimately, by chaining the techniques discussed, we can obtain administrative control over all Jamf managed macOS (and iOS) devices. The techniques discussed in the post range from information disclosure, persistence, credential discovery and more. In the following sections, we will detail various attacks that we performed against organisations utilising Jamf to manage their macOS estates. We’ve even added in a few extra bits that we weren’t able to fit into the talk too! This post marks the release of the Jamf Attack Toolkit - a series of tools developed to facilitate the various attacks outlined in this post. This blog post is designed to complement the conference talk, and can be used as a reference when performing attacks against organisations utilising Jamf.
![f secure for mac f secure for mac](https://mac-cdn.softpedia.com/screenshots/F-Secure-Mac-Protection_1.png)
The slides for the talk can be found here. On 13th March 2020, Calum Hall and Luke Roberts gave a talk titled "An Attacker’s Perspective on Jamf Configurations" at the 3rd edition of Objective By The Sea, held on the beautiful island of Maui, Hawaii.