Welcome to Diana Initiative 2021 Virtual Conference schedule.
For more information, please see our virtual conference page here:
https://tickets.dianainitiative.org
Friday, July 16 • 11:00am - 12:00pm
Bobbing for Apples: Developing alerts for macOS


Knowing what malicious activity looks like in macOS and developing viable detection in an enterprise environment are separate challenges. Detections that seem simple at first glance, like applications spawning shell commands, are often frustrated by shortcuts used by legitimate software products. Other detections, like identifying malicious cron jobs, are complicated by user behavior. Additionally, enterprise endpoint detection tools are not always macOS-aware. Just because your EDR runs on a macOS machine doesn’t mean the EDR understands the internals of macOS, and what artifacts are significant.



This presentation will focus on strategies for developing macOS alerts within enterprise environments, and what lessons can be carried forward if you are already familiar with detection on Windows endpoints.

Speakers
Megan Carney

Detection Engineer, Target
Megan Carney has been an analyst/bad news giver in several different environments over the past ten years or so. She spends most of her time searching for all the places badness might hide. Can often be found staring into the abyss. It's true the abyss stares back.


Friday July 16, 2021 11:00am - 12:00pm PDT
Stage 2 https://app.hopin.com/events/2021-diana-initative/stages/90e343b7-a0ab-4c29-bd43-af794fc0b3ee