In 2016 I discovered a very aggressive adware/malware for Mac dubbed OSX/Pirrit. Pirrit was unlike any other adware I had seen before: it was escalating privileges to root, taking over your entire machine, abusing AppleScript to inject rogue JS code into browsers and slowing down the machine dramatically. I took it apart completely and even found the actual people behind it (right down to their names) due to some hilarious (no, really, hilarious!) opsec mistakes that they made. Then, in December of 2017, they released a new variant, changed their TTPs and AGAIN made some hilarious opsec mistakes, which allowed me to tie it back to them again and write a report about it. Since they follow me on Twitter, the cease and desist letters didn't take long to arrive. In this talk I'll share the story of the malware, the hilarious opsec mistakes, and the 'behind the scenes' of what happened in the days before the report was published. If you ever wanted proof that the legal department of your company can be your friend, this is the talk for you.