Typhon

Typhon is a macOS specific payload aimed at targetting Jamf managed devices. This payload can be used to manipulate macOS devices into communicating with a Mythic instance, which acts as a Jamf server with the ability to execute commands.

Talks & Publications

Typhon was presented in the Black Hat USA 2021 talk Come to the Dark Side, We Have Apples: Turning macOS Management Evil.
Further information about detecting typhon can be found at TheMacPack.io - Detecting Orthrus and Typhon

Installation

To install typhon, you'll need Mythic installed on a remote computer. You can find installation instructions for Mythic at the Mythic project page.

From the Mythic install root, run the command:

./mythic-cli install github https://github.com/MythicAgents/typhon.git

Once installed, restart Mythic to build a new agent.

Notable Features

The typhon agent utilises functionality provided by the Jamf binary. As such no additional code needs to be introduced to the compromised device for this agent to operate.

The client-side Jamf agent contains a variety of functionality that may be utilised by this Mythic payload/profile, however the main focus of the initial release is providing code execution through the agent itself. Any additional feature requests are welcomed.

Commands Manual Quick Reference

The agent currently employs three commands that imitate standard Jamf policy instructions.

Commands

Command	Syntax	Description
add_user	`add_user`	Add a standard or administrative user to the device.
delete_user	`delete_user`	Deletes a user account on the device.
execute_command	`execute_command`	Executes a bash command on the target device with root privileges.

Typhon is a macOS specific payload aimed at targetting Jamf managed devices.

Related tags

Overview

Typhon

Talks & Publications

Installation

Notable Features

Commands Manual Quick Reference

Commands

Owner

Mythic Agents

A powerful framework for decentralized federated learning with user-defined communication topology

This tool is for finding more detailed information of an IP Address.

Official ProtonVPN Linux app

Mass Reverse IP Dibuat Dengan Python 3 Dan Ada Fitur Filter.

StarCraft II Client - protocol definitions used to communicate with StarCraft II.

CSP-style concurrency for Python

IPE is a simple tool for analyzing IP addresses. With IPE you can find out the server region, city, country, longitude and latitude and much more in seconds.

Bark Toolkit is a toolkit wich provides Denial-of-service attacks, SMS attacks and more.

Multi-path load balancing is a method used by most of the real-time network to split the packets into different paths rather than transferring it through a single path

Asyncer, async and await, focused on developer experience

Netwalk is a Python library to discover, parse, analyze and change Cisco switched networks

libsigrok stacked Protocol Decoder for TPM 2.0 transactions from an SPI bus. BitLocker Volume Master Key (VMK) are automatically extracted.

Simple Port Scanner With Socket Module In Python 3x

📨 Share files easily over your local network from the terminal! 📨

A TrueCharts automatic and bulk update utility

stellar-add-guest is a small tool to generate a new guest for Stellar Wireless (Enterprise mode) in OmniVista 2500 hosted on OmniSwitch with AOS Release 8

Client library for relay - a service for relaying server side messages to the client side browsers via websockets.

A transport agnostic sync/async RPC library that focuses on exposing services with a well-defined API using popular protocols.

Learn how modern web applications and microservice architecture work as you complete a creative assignment

The can package provides controller area network support for Python developers