All times are in Pacific Daylight Time (UTC-0700).
Swift is a great language for offensive tooling due to its ease of development compared to lower-level languages (Objective-C/C/C++), while still having the flexibility to utilize those lower-level languages when the job requires it.
In this talk, I’ll go into the research, development, and usage of a new Swift implant, Hermes, that can be used in modern red teaming operations. Hermes hooks into Cody Thomas’ Mythic framework, which serves as the controller.
I will dive into the functionality implemented within Hermes that allows for secure communications, reconnaissance, code execution, data exfiltration, and extensibility with existing offensive tooling. Lastly, I will cover defensive considerations for the different TTPs implemented within Hermes. Following this talk, Hermes will be open-sourced for security professionals to test and validate detections within macOS environments.
Justin Bui is a red teamer at Zoom and was previously a red team consultant at SpecterOps. He is passionate about all things security and helping organizations improve their security posture. Justin enjoys writing code and developing offensive tools, particularly around Windows/macOS post-exploitation.
© 2024 ShellCon