Post

Replies

Boosts

Views

Activity

Reply to Why is Control Center on Monterey listening on ports?
I've also captured traffic that is malformed coming into my brand new Mac Apple Silicon. Port 7000 was open and bound to ControlCenter. The traffic I've captured (PCAP) respembles the airplay protocol RTSP. using a blist00 tag followed by a payload. Interestingly, the attack traffic (dport 7000) has TCP options set. They are 12 bytes. 0101 and then 10 more bytes for an array of two timestamps. I'm pretty sure this is part of the attack payload.
Apr ’22
Reply to com.apple.nand
Yes, I just stumbled on it when looking at unfamiliar ASPCarry on my M1, 22D49 foo@bar-MacBook-Pro ~ % sudo launchctl list 1239 0 com.apple.nand.aspcarry sudo launchctl procinfo 1239 program path = /usr/libexec/ASPCarryLog system/com.apple.nand.aspcarry = { active count = 2 path = /System/Library/LaunchDaemons/com.apple.nand.aspcarry.plist From Logs log show --predicate ' eventMessage CONTAINS "nand"' Acquiring assertion targeting [osservice<com.apple.nand.aspcarry>:1049] from originator [osservice<com.apple.powerd>:320] with description <RBSAssertionDescriptor| "App is holding power assertion" ID:385-320-883 target:1049 attributes:[ <RBSDomainAttribute| domain:"com.apple.appnap" name:"PowerAssertion" sourceEnvironment:"(null)">, <RBSAcquisitionCompletionAttribute| policy:AfterApplication> ]> This is about as far as I've gotten when I saw this post.
Feb ’23