With the rise of website encryption (using the TLS cryptographic protocol), sniffing passwords from network traffic has become difficult. However, it’s still possible to quietly exfiltrate a target’s network traffic in real time and extract passwords and other sensitive information from it. On macOS, there are two methods for retrieving traffic from a backdoored Mac.
The first method requires Empire, a post-exploitation framework. Empire can be embedded into a MacBook using a USB Rubber Ducky during single-user mode attacks or by social engineering the target into running a malicious command…