MacOS host monitoring - the open source way

Presented at DerbyCon 7.0 Legacy (2017), Sept. 23, 2017, 5:30 p.m. (25 minutes)

MacOS host monitoring - the open source way, I will talk about a example piece of malware(Handbrake/Proton) and how you can use open source tooling detection tooling to do detection and light forensics. Since I will be talking about the handbrake malware, I will also be sharing some of the TTPs the malware used if you want to find this activity in your fleet. Dropbox - Security Engineer. I work on the Incident Response team at Dropbox. I primarily work on host-based detection systems.

Presenters:

• Michael George

Links:

• https://www.derbycon.com/saturday-schedule/#event-154
• https://infocon.org/cons/DerbyCon/DerbyCon 7 2017/MacOS host monitoring the open source way Michael George.mp4

Similar Presentations:

• CarolinaCon Online 2021 Virtual / Host-Based Detection, Forensics, and Response with Velociraptor
• DerbyCon 3.0 All in the Family (2013) / The Malware Management Framework, a process you can use to find advanced malware. We found WinNTI with it!
• Kernelcon 2019 / MacOS host monitoring - the open source way