> the shell is recorded and send to a central tool

Challenge accepted. And it's not a huge challenge. I'd say not even a mild one.

yup, its really not that hard to break, but to break without the tool noticing is harder.

they usually work in kernel extensions or use https://developer.apple.com/documentation/endpointsecurity - which gives them pretty good coverage of all the processes running, and arguments etc

▲

boomlinde a day ago | parent | prev [-]

What challenge?

▲

ziml77 a day ago | parent [-]

Yeah I'm really not sure why people take doing things that their employers don't want them doing as a challenge. Like how about the challenge instead be working within the restrictions? Or communicating with their boss what they need to get their job done?

They have no clue what legal requirements are imposed on the company that led to those restrictions. They could easily land themselves or the entire business in hot water by not complying. It doesn't matter how easy the controls are to bypass. Like, it's easy to pick or cut a LOTO lock, but that doesn't mean it's fine to do that.

	▲	egorfine 8 hours ago \| parent [-]
		That's a reasonable take but then keep in mind we're talking about iTerm. How is the browser different from, say, `curl https://example.com \| lynx`? Or `~/.bin/playwright/chrome`? So while corporate restrictions sometime (but only sometime!) make sense, the configuration where a terminal is allowed while a browser is not - don't.