The information contained in this blog post is for educational purposes ONLY! /HoldMyBeer.xyz and its authors DO NOT hold any responsibility for any misuse or damage of the information provided in blog posts, discussions, activities, or exercises. The method below will utilize this functionality to monitor e-mails from a particular user, upon receiving an e-mail from said user, a reverse shell will call back to our Powershell Empire server. This functionality provides a method to initiate a reverse shell without user interaction or placing a persistent mechanism in a well-known location. The Mail app has built-in functionality that can trigger an Applescript to execute code when certain conditions (new e-mail in inbox from bob, deletion of e-mail, or an e-mail containing certain text) occur within the Mail app. This blog post is going to demonstrate a proof of concept (PoC) of sending an e-mail to trigger the Mail app (mail.app) to create a reverse shell.
