Stay Informed:

COVID-19 (coronavirus) information
Zoom Links: Zoom Help | Teaching with Zoom | Zoom Quick Guide

Leveraging Apple’s Game Engine to Heuristically Detect macOS Threats

Speaker Name: 
Patrick Wardle
Speaker Title: 
Chief Research Officer
Speaker Organization: 
Digita Security
Start Time: 
Friday, March 8, 2019 - 2:40pm
End Time: 
Friday, March 8, 2019 - 4:00pm
Earth & Marines B210
Owen Arden


By examining recent exploits and malware attacks, we'll illustrate that macOS is a rather vulnerable and an ever more targeted OS. And unfortunately for Mac users, traditional signature-based approaches often fail to detect such threats. Instead a heuristic-based, behavioral approach is clearly needed. In this talk, we will discuss a new open-source monitoring framework which passively collects a myriad of system events. Building on top of this, we will then detail a predicate-based system that leverages Apple’s game (logic) engine to quickly and efficiently apply rules against these events. End result? A comprehensive detection, response and threat hunting platform.


Patrick Wardle is the Chief Research Officer at Digita Security and founder of Objective-See. Having worked at NASA and the NSA, as well as presented at countless security conferences, he is intimately familiar with aliens, spies, and talking nerdy. Patrick is passionate about all things related to macOS security and thus spends his days finding Apple 0days, analyzing macOS malware and writing free open-source security tools to protect Mac users.