com.apple.security.application-groups (any value) | offensive-macos-hunt-keychain-access-group | Application-group identifiers are also valid keychain access-group identifiers. If credentials are stored under the group with ACLs that don't pin to a code-signing identity, any other app signed by the same team reads them. Classic confused-deputy. |
com.apple.security.automation.apple-events | offensive-macos-hunt-url-scheme-hijack (companion check) + AppleScript-target audit | App can send AppleEvents to control other apps. An IPC handler that takes an AppleEvent target from the renderer or a URL handler is a renderer→arbitrary-app-control pivot. |
com.apple.developer.endpoint-security.client | offensive-macos-family-enterprise-agents | EDR-class surface; daemon runs as root with a kernel callback; entirely different review shape. |
com.apple.security.cs.allow-unsigned-executable-memory | offensive-macos-shellcode-arm64 (signal, not skill) | Unsigned executable memory == JIT or runtime patching. Search for mmap / mprotect with PROT_EXEC and identify the JIT region's protection lifecycle. |
com.apple.security.cs.disable-library-validation | offensive-macos-hunt-private-framework-hijack | Library validation off means a tampered or substituted dylib loads without rejection. Combine with rpath / weak-link audit. |
com.apple.private.security.no-sandbox | offensive-macos-family-os-components | Apple-signed binary opting out of sandbox. Review attack surface as if it had no boundary. |
com.apple.private.tcc.allow-prompting (any) | offensive-macos-hunt-tcc-prompt-attribution | App takes part in TCC prompt routing; check responsible-process accounting. |