Cat Self: macOS and Linux Security

Описание: Click here to send us your ideas and feedback on Blueprint! (https://www.buzzsprout.com/twilio/tex...)


Ever wonder why there’s so little information regarding macOS and Linux-oriented attacks? In this episode, we get the answer from  the multi-talented Cat Self - an Adversary Emulation Engineer at MITRE, Cyber Threat Intelligence Team Leader on ATT&CK Evaluations and macOS/ Lead on MITRE ATT&CK Enterprise. We discuss defense tools,  attacker TTPs, and what to consider when approaching defense for a macOS and Linux environment, and what trends we can expect in the future for these operating systems. Check out the resources below for links mentioned during this enlightening conversation!

Our Guest: Cat Self


Cat Self is the CTI Lead for MITRE ATT&CK® Evaluations, macOS/Linux Lead for ATT&CK® and serves as a leader of people at MITRE. Cat started her cyber security career at Target and has worked as a developer, internal red team operator, and Threat Hunter. Cat is a former military intelligence veteran and pays it forward through mentorship, technical macOS hunting workshops, and public speaking. Outside of work, she is often planning an epic adventure or climbing mountains in foreign lands. 






Follow Cat on Social Media


Twitter: @coolestcatiknow (https://twitter.com/coolestcatiknow?l...)


LinkedIn: Cat Self (  / coolestcatiknow  )






Resources mentioned in this episode:

A highlight of new security changes in macOS Ventura:


https://www.sentinelone.com/blog/appl...


 


For securing a macOS device, I highly recommend installing Patrick Wardle’s endpoint tools. https://objective-see.org/tools.html My favorites are BlockBlock, KnockKnock, Lulu, & Netiquette. 


 


Cat's “GoTo” blogs


Patrick Wardle Objective-See (https://www.objective-see.com/)


Jaron Bradley The Mitten Mac (https://themittenmac.com/blog/)


Howard Oakley The Eclectic Light Company (https://eclecticlight.co/category/macs/)


Cody Thomas Medium (  / its_a_feature_  )


Sarah Edwards mac4n6 (https://www.mac4n6.com/)


Leo Pitt Medium (  / d00mfist  )


Christopher Ross Medium (  / xorrior  )


Csaba Fitzl THEEVILBIT Blog (https://theevilbit.github.io/beyond/)


 


Open Source Projects


Playbooks with Datasets to practice OTRF (https://github.com/OTRF/ThreatHunter-...)


Code snippets aligned to MITRE ATT&CK Atomic Red Team (https://github.com/redcanaryco/atomic...)


Jupyter notebook environment setup by Anna Pastushko (  / how-to-setup-jupyter-notebook-on-mac  )


Virtual environment setup Hold My Beer (https://holdmybeersecurity.com/2021/0...)






Sponsor's Note:


Support for the Blueprint podcast comes from the SANS Institute.


If you like the topics covered in this podcast and would like to learn more about blue team fundamentals such as


Check out John's SOC Training Courses for SOC Analysts and Leaders:


• SEC450: SOC Analyst Training - Applied Skills for Cyber Defense Operations (https://sans.org/sec450)

• LDR551: Building and Leader Security Operations Centers (https://sans.org/ldr551)


Follow and Connect with John: LinkedIn (  / johnlhubbard  )