#OBTS

Описание: Slides: https://objectivebythesea.org/v8/talk...

Talk Description:
This presentation explores macOS's security telemetry mechanisms, answering how macOS logging operates through the Unified Logging System (ULS), Endpoint Security Framework (ESF), and Transparency, Consent, and Control database (TCC.db) structures. It details techniques for extracting actionable telemetry from macOS logs using tools like Consolation3 and eslogger, and highlights the complexities of ESF-based interactions. The talk analyzes macOS threat vectors within automation utilities—such as LaunchAgent, LoginItem, and OSA script-based persistence and credential theft—as exploited by malware like Atomic Stealer and XCSSET. Detection strategies are proposed that focus on behavioral correlations—such as abnormal osascript execution, high-entropy command-line arguments, and post-execution network exfiltration—while leveraging tools like ESFPlayground, Mints, and Mac Monitor for telemetry collection and analysis. The talk provides attendees with the internals, telemetry, and tooling knowledge needed to investigate and harden macOS environments.

Speaker's Bio:
👤 Olivia Gallucci is a Senior Security Engineer at SECUINFRA and a blogger: oliviagallucci.com. She is the founder of two companies—Offensive Services (security research) and OG Health & Fitness (personal training). Graduating at the top of her university, Olivia is passionate about education surrounding free(dom) and open-source software, ARM assembly, and all-things related to macOS. She previously worked in offensive security at Apple, US Government, and Deloitte. Outside of cybersecurity, Olivia enjoys competitive sailing, and reading about famous computer nerds.
https://x.com/oliviagalluccii

Support the Objective-See Foundation:
https://www.objective-see.org/
https://x.com/objective_see/
  / objective-see