Presented at
Objective by the Sea version 1.0 (2018),
Nov. 3, 2018, 10:10 a.m.
(50 minutes).
In the last few years, MacOS backdoors have become a hot topic in the industry. What used to be a rare occurrence in the wild is happening more and more frequently. As this topic grows in popularity the details on post-exploitation of Mac intrusions remain a mystery.
This talk aims to fill that gap by showing attendees a full Mac intrusion performed by a hostile adversary. Process visualizations, command lines, and other artifacts will be shared from real world intrusions revealing how they got in, what commands were used to move laterally, and how they manually set up their backdoors while trying to fly under the radar. Some Linux attack details will be shared as well due to a lot of tools, techniques, and procedures being cross-platform.
Presenters:
-
Jaron Bradley
- Strategic Intrusion Analyst at CrowdStrike
Jaron started his career out of college as an incident responder for APT based intrusions at a very large corporation. From there he went on to CrowdStrike where he’s done work in many different areas including intrusion analysis, detection engineering, and research. A large portion of his time is spent investigating Mac and Linux based intrusions as it is his personal belief that these platforms do not gain enough attention in the security industry. Jaron is the author of the book OS X Incident Response Scripting and Analysis which he wrote while living on The Big Island.
After Objective by the Sea, you will likely find him in Hilo eating a moco or swimming in the Wailuku River.
Links:
Similar Presentations: