Overview
Explore macOS security telemetry mechanisms and threat detection techniques in this 22-minute conference talk from Objective-See Foundation's OBTS v8.0. Discover how macOS logging operates through the Unified Logging System (ULS), Endpoint Security Framework (ESF), and Transparency, Consent, and Control database (TCC.db) structures. Learn techniques for extracting actionable telemetry from macOS logs using tools like Consolation3 and eslogger, while understanding the complexities of ESF-based interactions. Analyze macOS threat vectors within automation utilities including LaunchAgent, LoginItem, and OSA script-based persistence and credential theft as exploited by malware such as Atomic Stealer and XCSSET. Examine detection strategies that focus on behavioral correlations including abnormal osascript execution, high-entropy command-line arguments, and post-execution network exfiltration. Master the use of tools like ESFPlayground, Mints, and Mac Monitor for telemetry collection and analysis. Gain comprehensive knowledge of macOS internals, telemetry mechanisms, and tooling required to effectively investigate and harden macOS environments against modern threats.
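The detection strategy the description outlines (abnormal osascript execution, high-entropy command-line arguments, and a network connection following the exec) can be tried on sample telemetry. The following is an added Python example written for this page, not code from the talk or from Objective-See. The JSON-lines events are constructed and use a simplified field layout that is an assumption, not eslogger's real schema; the entropy threshold, the correlation window, and the list of parents from which interactive osascript use is expected are likewise assumptions to be tuned against your own baseline.

```python
import json
import math
from collections import Counter

ENTROPY_THRESHOLD = 4.5          # bits/char; assumption, tune on a baseline of normal osascript use
NETWORK_WINDOW_SECONDS = 30.0    # a connect this soon after exec counts as correlated; assumption
# Parents from which interactive osascript use is expected (assumption for this example).
EXPECTED_PARENTS = {
    "/System/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal",
    "/bin/zsh",
}

# Constructed sample events, loosely modelled on eslogger-style JSON lines.
# The base64 blob decodes to the harmless string "hello world from a base64 blob".
SAMPLE_EVENTS = """
{"ts": 100.0, "type": "exec", "pid": 501, "ppid": 300, "parent": "/System/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal", "path": "/usr/bin/osascript", "args": ["osascript", "-e", "display dialog \\"hello\\""]}
{"ts": 101.0, "type": "exec", "pid": 502, "ppid": 400, "parent": "/tmp/.updater", "path": "/usr/bin/osascript", "args": ["osascript", "-e", "do shell script \\"echo aGVsbG8gd29ybGQgZnJvbSBhIGJhc2U2NCBibG9i | base64 -d | sh\\""]}
{"ts": 101.5, "type": "connect", "pid": 502, "remote": "203.0.113.10:443"}
{"ts": 150.0, "type": "exec", "pid": 503, "ppid": 300, "parent": "/System/Applications/Utilities/Terminal.app/Contents/MacOS/Terminal", "path": "/bin/ls", "args": ["ls", "-la"]}
"""


def shannon_entropy(text: str) -> float:
    """Shannon entropy in bits per character; 0.0 for empty input."""
    if not text:
        return 0.0
    n = len(text)
    return -sum((c / n) * math.log2(c / n) for c in Counter(text).values())


def parse_events(jsonl: str) -> list[dict]:
    """Parse JSON-lines telemetry, skipping blank or malformed lines, ordered by timestamp."""
    events = []
    for line in jsonl.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # a real pipeline would count these as parse failures
    return sorted(events, key=lambda e: e["ts"])


def detect_osascript_abuse(events: list[dict]) -> list[dict]:
    """Return one finding per suspicious osascript exec, listing the reasons that fired."""
    connects_by_pid: dict[int, list[dict]] = {}
    for e in events:
        if e["type"] == "connect":
            connects_by_pid.setdefault(e["pid"], []).append(e)

    findings = []
    for e in events:
        if e["type"] != "exec" or e["path"] != "/usr/bin/osascript":
            continue
        cmdline = " ".join(e["args"])
        entropy = shannon_entropy(cmdline)
        reasons = []
        if entropy > ENTROPY_THRESHOLD:
            reasons.append(f"high-entropy args ({entropy:.2f} bits/char)")
        if e["parent"] not in EXPECTED_PARENTS:
            reasons.append(f"unexpected parent {e['parent']}")
        if not reasons:
            continue
        # Correlate: did the same pid open a network connection shortly after the exec?
        followed_by = [
            c for c in connects_by_pid.get(e["pid"], [])
            if 0 <= c["ts"] - e["ts"] <= NETWORK_WINDOW_SECONDS
        ]
        severity = "high" if followed_by else "medium"
        findings.append({
            "pid": e["pid"],
            "severity": severity,
            "entropy": round(entropy, 2),
            "reasons": reasons,
            "remotes": [c["remote"] for c in followed_by],
        })
    return findings


def run_sample() -> list[dict]:
    """Run the detector over the constructed sample; only pid 502 should be reported."""
    return detect_osascript_abuse(parse_events(SAMPLE_EVENTS))


if __name__ == "__main__":
    for finding in run_sample():
        print(json.dumps(finding))
```

Entropy alone is a weak signal (long legitimate scripts also score high), which is why the example only raises severity when a second behavioural signal, here a network connect from the same pid within the window, corroborates it; in a real pipeline the connect events would come from the ESF network-related event types and the parent allowlist from your own exec baseline.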
Syllabus
#OBTS v8.0: “macOS Internals for Threat Detection Engineers” - Olivia Gallucci
Taught by
Objective-See Foundation