In the Aftermath

Presented at Objective by the Sea version 5.0 (2022), Oct. 6, 2022, 4:40 p.m. (25 minutes)

When you are on defense and responding to a security incident, your investigation is only as good as the fidelity of the forensic artifacts you collect. As soon as possible, you need to gather as much relevant data from the endpoint as you can, and you need to know where to look.

Introducing Aftermath, a Swift-based, open-source incident response framework. Join us as we demonstrate a real attack using malware that has been found in the wild, to show how Aftermath can be leveraged by defenders to collect and subsequently analyze the data from the compromised host.

During analysis, we will timeline the data and show how Aftermath can be used to tell us what actions took place on the system. This will help us uncover the infection vector of the malware. Time is of the essence in an attack, and as macOS becomes a more lucrative target for attackers, it is important to quickly collect all the relevant data from the endpoint in order to perform a thorough investigation.


Presenters:

  • Matt Benyo - macOS Detections Developer at Jamf
    Matt Benyo is a macOS Detections Developer at Jamf Software focused on writing detections, as well as analyzing macOS malware and its various techniques. He was previously a Jamf Systems Engineer, and both a Technician and a Trainer at Apple before that.
  • Stuart Ashenbrenner - macOS Detections Developer at Jamf
    Stuart Ashenbrenner works for Jamf as a macOS Detections Developer, primarily focusing on developing new tools to help detect and prevent malware on macOS. He worked as the Service Manager at The Mac Store, then as a software and data engineer before working at Jamf.
