Created by Leo Pitt (@_D00mfist)
ssh-keygen is a tool for creating new authentication key pairs for SSH (Secure Shell). ssh-keygen holds the “com.apple.security.cs.disable-library-validation” entitlement and is capable of loading arbitrary libraries without requiring signed code.
| 2023-05-22 | Execution, Defense Evasion | dylib |
Execute malicious dynamic library (.dylib) with ssh-keygen
An attacker can execute a malicious .dylib by passing its path to ssh-keygen with the -D option, which loads the file as a PKCS#11 provider library. This will bypass code signing requirements.
ssh-keygen -D /private/tmp/evil.dylib
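
A detection-side check for the command above, added here as an example and not part of the original entry: it scans process-execution command lines for ssh-keygen -D and alerts unless the loaded library is on an allowlist. The allowlist contents, the function names and the sample events are assumptions constructed for illustration.

```python
import posixpath
import shlex

# Assumption: site-specific allowlist of PKCS#11 providers expected on
# managed Macs. Replace with the smart-card middleware you actually deploy.
ALLOWED_PROVIDERS = {"/usr/lib/ssh-keychain.dylib"}

# Constructed sample exec events (command lines only), not real telemetry.
SAMPLE_EVENTS = [
    "/usr/bin/ssh-keygen -t ed25519 -f /Users/alice/.ssh/id_ed25519",
    "/usr/bin/ssh-keygen -D /usr/lib/ssh-keychain.dylib",
    "ssh-keygen -D /private/tmp/evil.dylib",
    "/usr/bin/ssh-keygen -D/usr/lib/../../private/tmp/evil.dylib",
]


def provider_path(argv):
    """Return the library passed to ssh-keygen -D, or None if absent."""
    if not argv or posixpath.basename(argv[0]) != "ssh-keygen":
        return None
    args = argv[1:]
    for i, arg in enumerate(args):
        if arg == "-D":
            return args[i + 1] if i + 1 < len(args) else None
        if arg.startswith("-D"):
            return arg[2:]  # getopt also accepts the attached form -D/path
    return None


def classify(command_line):
    """Classify one exec event; returns (verdict, library)."""
    lib = provider_path(shlex.split(command_line))
    if lib is None:
        return ("ignore", None)
    if not lib.startswith("/"):
        return ("alert", lib)  # relative path cannot be checked without cwd
    lib = posixpath.normpath(lib)  # collapse ../ before comparing
    return ("allow" if lib in ALLOWED_PROVIDERS else "alert", lib)


def alerts(events):
    """Return (event, library) pairs for every event that should alert."""
    results = [(event, classify(event)) for event in events]
    return [(e, lib) for e, (verdict, lib) in results if verdict == "alert"]


if __name__ == "__main__":
    for event, lib in alerts(SAMPLE_EVENTS):
        print(f"ALERT ssh-keygen loaded non-allowlisted library {lib}: {event}")
```

The same rule maps onto any telemetry source that records full argv for process executions; clustered short options are not handled here.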