Threat Hunting in MacOS with Open Source Tools

Presented at ShellCon 2019, Oct. 11, 2019, 2 p.m. (50 minutes)

MacOS is a popular operating system across startups and Fortune 500 companies. Few commercial tools exist that provide proper event visibility in MacOS. Often, these tools are expensive, and some lack important monitoring features. However, open source offers a great selection of tools that can be deployed to kick-start a MacOS threat hunting program. In this talk, I will simplify threat hunting, select a few open source tools, and guide the audience through a methodology to hunt for threats in MacOS.


Presenters:

  • Art Maddalena
    Art began his journey with security during the BBS days. Professionally, Art has been involved with numerous aspects of cyber security over his career (from Red to Blue and in between). Numerous years in both the Federal and Private sectors have provided Art with lessons learned, which he likes to share throughout the security community, while also enjoying providing mentorship to those who are just getting into the industry. Moloch FPC lover, music nerd, puzzle lover, craft beer enthusiast, family man.
  • Plug
    Plug started his journey in computer security back in 1996 when he discovered a 2600 magazine that eventually led him to his first LA2600 meeting in 1998. From that point forward, he has been involved in computer security. In his free time he enjoys building Legos, playing with synthesizers, and when possible, he volunteers his time to computer security events.
