Davic1 #24
original: https://www.reddit.com/r/macapps/comments/1d87ykz/highly_suggest_to_remove_bartender_5_from_your/

one:
> I would not recommend such protection. You never know what binary will upload anything (usually it is done by another binary to hide the activity, like some python script that is hard to script in rules as all of these are executed as "python").
> (it is time for me to switch to other things than monitoring this thread :), I will delete this post to avoid any misinformation after any legitimate data)
another:
> Too immature. That's why it's easy to hack someone. If they want to target macOS Guru, they simply deploy some logic like:
>
> Send and receive orders directly with C2 in normal cases.
>
> If it cannot, write the command and response to a file and wait for it to be shipped to C2 by another application that most users will allow to connect to the network. And of course they are also behind that software. Or they can also take advantage of some vulnerable software as a carrier.
>
> In fact, there are 1001 more complicated ways to achieve the same goal. A host firewall is not a Swiss Army knife.