Explore a 45-minute conference talk that examines the evolution of macOS security, focusing on behavior-based detection methods as a critical advancement beyond traditional signature and model-based approaches. Learn how quality data collection, analysis tools, and deep understanding of macOS internals combine with threat actors' Tactics, Techniques, and Procedures (TTPs) to create more effective security measures. Through real-world case studies and an examination of Elastic's advanced behavior detections, discover practical implementations for identifying hidden threats in macOS systems. Gain valuable insights from Senior Security Research Engineer Colson Wilhoit's expertise in developing resilient behavioral-based detections for both endpoint and SIEM systems, while understanding the limitations of relying solely on model and static signature-based detection methods.