Overview
Explore real-world case studies of advanced intrusions on MacOS systems in this 51-minute RSA Conference talk. Delve into detailed breakdowns of tactics, techniques, and procedures (TTPs) and artifacts used by attackers. Witness live demonstrations of these attacks and learn relevant countermeasures for detection and response. Gain insights into different attacker TTPs on MacOS systems, understand how macOS process visualization trees can be used for forensics, and learn about the relevance of both static and behavioral indicators in intrusions. The session covers topics such as delivery URL schemes, privilege escalation, credential theft, persistence, and exfiltration, along with their respective countermeasures. Don't miss the must-see Adversary Oscars segment. Basic understanding of hacking tools and techniques is recommended.
Syllabus
Intro
CROWDSTRIKE INTELLIGENCE NAMING CONVENTIONS
BREAKOUT TIME BY ADVERSARY
DELIVERY URL SCHEMES
DELIVERY COUNTERMEASURES
PRIVILEGE ESCALATION POOR UPDATE PRACTICE
PRIVILEGE ESCALATION COUNTERMEASURES
CREDENTIAL THEFT HASHDUMP
CREDENTIAL THEFT COUNTERMEASURES
PERSISTENCE COUNTERMEASURES
EXFIL COUNTERMEASURES
Taught by
RSA Conference