Explore the evolution of malicious activity detection on macOS in this 37-minute Black Hat conference talk. Delve into the Apple Endpoint Security Framework (ESF), introduced in macOS Catalina in 2019, and its role in fueling behavioral-based detections. Compare and contrast old and new detection methods, understanding their continued relevance in today's cybersecurity landscape. Learn how to effectively utilize ESF data, both in its basic form and as a pivot point for more sophisticated detection techniques. Gain insights from presenters Jaron Bradley and Matt Benyo as they break down the practical applications of ESF in enhancing macOS security.
Leveraging the Apple ESF for Behavioral Detections
Overview
Syllabus
Leveraging the Apple ESF for Behavioral Detections
Taught by
Black Hat
Related Courses
-
The Best Defense is a Great Offense - Leveraging Automated OffSec to Build Proactive C2 Detections
-
Nothing but Net - Leveraging macOS's Networking Frameworks to Heuristically Detect Malware
-
Rope - Bypassing Behavioral Detection of Malware with Distributed ROP-Driven Execution
-
Drill Apple Core - Up and Down - Fuzz Apple Core Component in Kernel and User Mode for Fun and Profit
-
Behavioral Analysis from DNS and Network Traffic
-
Hand in Your Pocket Without You Noticing - Current State of Mobile Wallet Security
