The constantly changing landscape of macOS and its hardware is exciting and dreadful. System extensions have changed how all software works. The side effect was lots of broken software on modern macOS versions, including some software that was useful for examining the behavior of malware. VirtualBox and Mac-a-mal Cuckoo were integral to some companies that wanted to automate this process. As Apple slowly phases out x86 applications, we look to update our workflow with new utilities that will persevere through upcoming changes.

This talk will introduce ESFriend, a minimal malware analysis system modeled after Cuckoo. ESFriend uses existing applications wrapped in Python to automate the collection of behavioral events from a physical macOS machine on your network.