Leveraging Apple’s Game Engine to Heuristically Detect macOS Threats

By examining recent exploits and malware attacks, we'll illustrate that macOS is a rather vulnerable and an ever more targeted OS. And unfortunately for Mac users, traditional signature-based approaches often fail to detect such threats. Instead a heuristic-based, behavioral approach is clearly needed. In this talk, we will discuss a new open-source monitoring framework which passively collects a myriad of system events. Building on top of this, we will then detail a predicate-based system that leverages Apple’s game (logic) engine to quickly and efficiently apply rules against these events. End result? A comprehensive detection, response and threat hunting platform.

Bio:

Patrick Wardle is the Chief Research Officer at Digita Security and founder of Objective-See. Having worked at NASA and the NSA, as well as presented at countless security conferences, he is intimately familiar with aliens, spies, and talking nerdy. Patrick is passionate about all things related to macOS security and thus spends his days finding Apple 0days, analyzing macOS malware and writing free open-source security tools to protect Mac users.