Cisco Talos has documented several techniques for macOS that abuse native operating system tools and legitimate utilities to conduct lateral movement and command execution without deploying external malware—a 'living-off-the-land' approach that allows attackers to remain stealthy by using built-in system functionality.