Access a new job-role path with a Gold Annual plan Learn More

MacOS Fundamentals

This module covers the fundamentals required to work comfortably within the macOS operating system and shell.

4.52

Created by 21y4d
Co-Authors: Sentinal

Fundamental General

Summary

DISCLAIMER: This module requires access to a macOS machine for completion. Refer to the end of this page for more details.

macOS is a staple in many environments and businesses, such as academia, content creation, and audio/visual shops worldwide. Furthermore, macOS makes for an excellent pentesting OS and is very popular among pentesters and developers alike, for its security and ability to natively run pentesting tools as well as simulate other OS's through virtual machines.

Understanding how to navigate the file system and the command line is essential for effective enumeration, privilege escalation, lateral movement, post-exploitation, and defense. When set up correctly, we can even use macOS as our attack box during assessments. With advances in centralized administration, we are starting to see macOS hosts within Active Directory environments as well more frequently. This module covers the essentials for starting with the macOS operating system and command line.

This module will provide a quick history lesson on the origins of macOS and its architecture and then guide us through utilizing and administering all it has to offer. We will practice using the Graphical User Interface (GUI) along with the Command-line Interface (CLI) to administer many different portions of the host, including:

  • System settings and preferences
  • Filesystem navigation and usage
  • Networking concepts as they pertain to macOS
  • Application and update control via native apps and the use of Homebrew
  • Security considerations to include host hardening and monitoring

Furthermore, this module will cover the following:

  • macOS system structure
  • File system specifics
  • Permissions management
  • macOS services and applications
  • Interacting with the operating system (CLI & GUI)
  • Security Considerations
  • Application management

This module is broken down into sections with accompanying hands-on exercises to practice the tactics and techniques we cover.

You can start and stop the module anytime and pick up where you left off. There is no time limit or "grading," but you must complete all of the exercises and the skills assessment to receive the maximum number of cubes and have this module marked as complete in any paths you have chosen.

The module is classified as "Fundamental" and assumes that the student has a basic knowledge of the macOS operating system from a casual user perspective.

To complete this module, you must have access to a macOS machine (e.g., MacBook/Mac Mini/Mac Pro). If you do not have access to a Mac, you may still take the module and go through it to understand the macOS fundamentals, though you will not be able to practice the provided exercises within the module. Furthermore, the module may require basic terminal usage, mostly covered in the Linux Fundamentals module, so we recommend doing that module before this one.

What Is macOS?


Many have and use an Apple product in their lives every day. From your Macbook to your iPhone or iPad, there are many different revisions to the Apple OS line, but most of them are, in fact, based on macOS (originally Mac OS X). So let's answer the question, "What is macOS?"

Let's start this module by breaking down the history of macOS, its use, architecture, and core components. macOS is the official term for the operating system used on Apple computers. It is a widely used OS and is second in market use only to Windows operating systems. It can be found in the realms of daily home use, business management, graphical design, and arts.


History Roundup

Let's take a look at the origins of macOS for a minute.

Timeline

2000-2002

This is known as the original start to OS X leading up to macOS as we know it. In the fall of 2000, Apple released a public beta code named Kodiak for users to test and provide feedback. After taking in those responses and making fixes, Apple released Mac OS X (10.0), named Cheetah, in the spring of 2001. This is the first time the world will see the new User interface Aqua.
A few months later, Apple released OS X (10.1) named Puma. This iteration drastically improved system performance and began officially replacing Mac OS 9, OS X's predecessor, on all new computers shipped out.
In the Fall of 2002, the next iteration of OS X was released. OS X (10.2), named Jaguar, focused on user interaction improvements and introduced new applications like iChat to the world.

2003

OS X (10.3) named Panther was released in the fall of 2003. Most interesting about this release was the fact that Apple's new web browser Safari replaced Internet Explorer on their hosts. Support for integration with Active Directory was also added during this release.

2005

OS X (10.4) named Tiger released, bringing with it new features and new looks with Widgets and dashboards. Up to this point, only PowerPC processors were supported for Apple products. With this release, Apple hit a milestone by officially releasing support for the Intel based chipset in their hosts.

2007-2009

2007 was a big year for Apple. In the spring, they unveiled their new gadget that changed the world, the iPhone and with it iOS, which was completely based on Mac OS X. That same year in the fall, OS X (10.5) Leopard was released and introduced Apple's built-in backup system, Time Machine, along with support for 64-bit applications. At this point, dual-booting was first introduced to the Mac line with the introduction of Boot Camp, providing support for the Windows OS on Mac hardware.
Following Leopard in 2009, OS X (10.6) Snow Leopard released, which was an incremental update over Leopard. The only real changes were the addition of the AppStore and the discontinuation of support for the PowerPC processors. From this point on, Apple moved to Intel based processors exclusively.

2011-2012

OS X (10.7) Lion brought many successful features from iOS to their Mac OS X, like Gestures and saved window states. Lion also saw the introduction of iCloud to Mac OS X, bringing interconnected cloud storage to the Apple realm of products.
2012 brought us Mountain Lion (10.8), with the main focus on bringing many of the features that were currently iOS-only into Mac OS X.

2013

From this point forward, Apple decided to stick to a yearly release cycle of Mac OS X. After over a decade of releases named after big wild cats, Apple also decided to ditch the animal theme and move to a naming convention based off locations and landmarks within California.. With a fresh new naming standard, OS X (10.9) Mavericks, kicks off the new release schedule and Apple put out a statement that all future releases would be free for upgrade (including this one). There were some functionality tweaks but nothing substantial under the hood.

2014-2015

With the release of OS X (10.10) Yosemite, the Handoff functionality brought exciting change to the Apple product lines allowing users to seamlessly move any task users are working on from one Apple device to another. The UI is moving more toward the iOS look and feel.
OS X (10.11) El Capitan brought more performance changes and the ability to tile your screen with split views.

2016-2017

OS X is dead! Long live macOS. With the release of macOS (10.12) named Sierra, Apple officially moved away from the "OS X" moniker to "macOS". Along with this change, Apple brought integration for Siri, Apply Pay, and other tweaks under the hood to macOS.
macOS (10.13) High Sierra brought along the switch to the Apple File System (APFS) and several other support functionalities under the hood.

2018

macOS (10.14) Mojave brought significant visual enhancements with this update. Darkmode was introduced to the platform, working natively with all macOS apps and many third-party ones. The ability to have your host dynamically shift from dark mode to light mode with the time of day was also a big change. Mojave also ported over several more iOS apps to macOS, like News, Stocks, and Home, to name a few.

2019

macOS (10.15) Catalina split iTunes into three separate apps (Apple TV, Podcasts, and Music). This update also focused on bringing more iOS features to macOS and also allowed the use of an iPad as a secondary display with the Sidecar feature.

2020

macOS 11 releases, named Big Sur, finally moved away from OS version 10 (or X) and brought big changes to the UI and functionality of the OS as a whole. Much care was taken to improve communications channels in this revision as well. The major new feature of macOS 11 was supporting the all-new Apple Silicon processor while still supporting Intel processors for at least a few more years. Much of the focus of this revision also went to bug fixes.

2021

macOS 12 Monterey. Integration improvements, dubbed Universal Control, were introduced that made controlling multiple Apple devices at once much more seamless. AirPlay saw some big changes, and you can now use a Mac as a speaker when casting to other devices. Spatial Audio was introduced to Facetime, along with other features like SharePlay which, allow you to share audio, video, and even your screen with other users over FaceTime.

2022

macOS 13 Ventura is the most recent release of macOS as of the time of writing this module. It introduced a new window management feature called Stage Manager, along with other features like Continuity Camera, new Apps and app updates, a facelift to the settings app, along with other features.


Now that we know a bit about the history of macOS let's dive into the architecture of the OS itself and some of its core components.


OS & Architecture Info

Kernel: XNU

  • The Mach kernel is the basis (along with portions from BSD) of the macOS and iOS XNU Kernel architecture, which handles our memory, processors, drivers, and other low-level processes.

OS Base: Darwin, a FreeBSD Derivative open-sourced by Apple.

  • Darwin is the base of the macOS operating system. Apple has released Darwin for open-source use. Darwin, combined with several other components such as Aqua, Finder, and other custom components, make up the macOS as we know it.

As mentioned above, macOS recently shifted to mainly support Apple Silicon while still supporting Intel processors for the time being.

These points above make up the basis of macOS as an operating system. There is much more to it, but we are just trying to get an initial understanding of what macOS is for now. Next, let us address several core components within macOS.


Core Components

GUI: Aqua is the basis for the Graphical interface and visual theme for macOS. As technology has advanced, so has Aqua, providing more and more support for other displays, rendering technologies, and much more. It is known for its flowy style, animations, and transparency with windows and taskbars.

File Manager: Finder is the component of macOS that provides the Desktop experience and File management functions within the OS. Aqua is also responsible for the launching of other applications.

Application Sandbox: By default, macOS and any apps within it utilize the concept of sandboxing, which restricts the application's access outside of the resources necessary for it to run. This security feature would limit the risk of a vulnerability to the application itself and prevent harm to the macOS system or other files/applications within it.

Cocoa: Cocoa is the application management layer and API used with macOS. It is responsible for the behavior of many built-in applications within macOS. Cocoa is also a development framework made for bringing applications into the Apple ecosystem. Things like notifications, Siri, and more, function because of Cocoa.


Now that we have a general idea of what macOS is, its origins, and what it is comprised of, let's move on to explore the user interface and all it entails.

Sign Up / Log In to Unlock the Module

Please Sign Up or Log In to unlock the module and access the rest of the sections.

Relevant Paths

This module progresses you towards the following Paths

Operating System Fundamentals

To succeed in information security, we must have a deep understanding of the Windows and Linux operating systems and be comfortable navigating the command line on both as a "power user." Much of our time in any role, but especially penetration testing, is spent in a Linux shell, Windows cmd or PowerShell console, so we must have the skills to navigate both types of operating systems with ease, manage system services, install applications, manage permissions, and harden the systems we work from in accordance with security best practices.

Easy Path Sections 55 Sections
Required: 30
Reward: +30
Path Modules
Fundamental
Path Sections 30 Sections
Reward: +10 UPDATED
This module covers the fundamentals required to work comfortably with the Linux operating system and shell.
Fundamental
Path Sections 14 Sections
Reward: +10
This module covers the fundamentals required to work comfortably with the Windows operating system.
Fundamental
Path Sections 11 Sections
Reward: +10
This module covers the fundamentals required to work comfortably within the macOS operating system and shell.