Learn how to execute ATT&CK-based emulation for macOS environments in this conference talk from the Objective-See Foundation. Discover the first macOS emulation plan added to the Adversary Emulation Library, which focuses on an OceanLotus threat actor scenario. Gain insights into executing ATT&CK techniques, building enterprise detection capabilities, and strengthening macOS defenses. Follow along as security experts Cat Self and Megan Carney share their three-year community effort to develop red vs. blue team emulation specifically for macOS. Explore topics including GitHub resources, reporting methods, detection strategies, unsigned launch agents, normalized baseline detection, and practical complications encountered when writing to the simulator. Master the tools and techniques needed to strengthen macOS security posture through hands-on adversary emulation and detection engineering.
ATT&CK-Based macOS Purple Team Operations - Dropping Lotus Bombs
Objective-See Foundation via YouTube
Overview
Syllabus
Introduction
GitHub Resources
Reporting
Detection
Unsigned Launch Agents
Normalized Baseline Detection
Complications
Writing to the Sim
Resources
Taught by
Objective-See Foundation