Many defenders have hard-fought experience finding evil on Windows systems, but stare blankly when handed a Mac. You know all the ways PowerShell can own a box, but how about AppleScript? This practical talk will give defenders a primer in finding adversarial activity on macOS using the TTPs they know and love from other platforms as a reference point.
Adam is a security practitioner, beard enthusiast, and heavy metal connoisseur. For the better part of a decade he has worked across multiple security disciplines, such as architecture design and implementation, penetration testing, security engineering, and incident handling and response. Adam is an Incident Handler with Red Canary, helping organizations find and evict evil.