Incident response on macOS

Presented at DerbyCon 9.0 Finish Line (2019), Sept. 8, 2019, noon (45 minutes).

All too often, admins simply reimage an infected Mac, losing vital information in the process. Learn how to analyze a Mac that you suspect has been infected: what artifacts to collect, and how to parse out what happened. You'll learn about the techniques malware is currently using, with concrete examples, as well as some things that malware could do in the future but hasn't yet. Suspicious behaviors that can help identify processes as malicious will also be discussed. These lessons will be illustrated with examples from real-world malware.


Presenters:

  • Thomas Reed
    Thomas Reed has been working with Macs since 1984, and is a self-taught security researcher and the creator of the AdwareMedic anti-adware tool for Macs. He now directs the development of Mac and mobile products at Malwarebytes, and continues to do malware analysis and threat research.
