MacOS host monitoring - the open source way

Presented at Kernelcon 2019, April 6, 2019, 11:15 a.m. (20 minutes).

I will talk about a example piece of malware(Handbrake/Proton) and how you can use open source tooling detection tooling to do detection and light forensics. Since I will be talking about the handbrake malware, I will also be sharing some of the TTPs the malware used if you want to find this activity in your fleet.


Presenters:

  • Michael George - Dropbox
    Michael works on the DART team @ Dropbox. Michael has spent a lot of time investigating macOS host-monitoring solutions.

Links:

Similar Presentations: