Overview
Explore advanced network monitoring techniques for macOS security in this DEF CON 31 conference talk, which addresses the gap in malware detection capabilities on Apple systems. The talk covers programmatic approaches to network traffic analysis, focusing on enumerating network state, gathering statistics, and monitoring traffic directly on macOS hosts. Learn how open-source tooling built on low-level APIs, private frameworks, and user-mode extensions can provide comprehensive insight into networking activity. Finally, see how monitoring network access supports efficient detection of both known and unknown malware, using detection heuristics designed specifically for the macOS platform.
Syllabus
DEF CON 31 - Leveraging macOS Networking Frameworks to Heuristically Detect Malware - Patrick Wardle
Taught by
DEFCONConference