Velociraptor can embed config in the binary after the build by modifying a static string within the PE file. We use this technique to create the "offline collector" which has a preconfigured configuration embedded within the binary.
This does not work on MacOS which seems to have a hash that covers the binary after the build. So it seems that MacOS will not allow the binary to be modified after build - even for unsigned binaries.
```
$ ./Collector_velociraptor-v0.7.0-rc1-darwin-arm64
Killed: 9
$ spctl -a -t exec -vvv ./Collector_velociraptor-v0.7.0-rc1-darwin-arm64
./Collector_velociraptor-v0.7.0-rc1-darwin-arm64: invalid signature (code or signature have been modified)
```
We need to develop an alternate method for the offline collector on MacOS.
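
The `spctl` output above reports a modified code signature. As an added example (not Velociraptor's own code), a repacking tool could check for an `LC_CODE_SIGNATURE` load command before patching a Mach-O in place and refuse or choose another path if one is present. `HasCodeSignature` and `sampleMachO` are hypothetical names, the sample header is constructed, and only thin little-endian 64-bit images are handled.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
)

const (
	machoMagic64    = 0xfeedfacf // MH_MAGIC_64 (thin, little-endian)
	lcSegment64     = 0x19       // LC_SEGMENT_64
	lcCodeSignature = 0x1d       // LC_CODE_SIGNATURE
)

// HasCodeSignature walks the load commands of a thin 64-bit Mach-O image and
// reports whether one of them is LC_CODE_SIGNATURE (hypothetical helper).
func HasCodeSignature(img []byte) (bool, error) {
	le := binary.LittleEndian
	if len(img) < 32 || le.Uint32(img) != machoMagic64 {
		return false, errors.New("not a thin little-endian 64-bit Mach-O")
	}
	ncmds, off := le.Uint32(img[16:]), uint64(32) // 32 = sizeof(mach_header_64)
	for i := uint32(0); i < ncmds; i++ {
		if off+8 > uint64(len(img)) {
			return false, errors.New("truncated load commands")
		}
		cmd, size := le.Uint32(img[off:]), uint64(le.Uint32(img[off+4:]))
		if cmd == lcCodeSignature {
			return true, nil
		}
		if size < 8 {
			return false, errors.New("bad load command size")
		}
		off += size
	}
	return false, nil
}

// sampleMachO builds a constructed arm64 header plus 16-byte dummy commands.
func sampleMachO(cmds ...uint32) []byte {
	var b bytes.Buffer
	binary.Write(&b, binary.LittleEndian, []uint32{machoMagic64, 0x0100000c, 0, 2, uint32(len(cmds)), uint32(16 * len(cmds)), 0, 0})
	for _, c := range cmds {
		binary.Write(&b, binary.LittleEndian, []uint32{c, 16, 0, 0})
	}
	return b.Bytes()
}

func main() { fmt.Println(HasCodeSignature(sampleMachO(lcSegment64, lcCodeSignature))) }
```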