Mac News & Updates - 07/06/16

Malware:

OSX.Pirrit

OSX.Eleanor

 

Call for Papers:

[PDF] SANS DFIR Summit in Prague, CZ – I really like this conference; small, good people, great presentations. I’m scheduled to be there – hope to see some of you all there as well!

 

Presentations:

[LINK] I just came back from the SANS DFIR Summit in Austin, TX which is by far one of my favorite events of the year. The presentations can be found here under ‘Digital Forensics & Incident Response Summit 2016’.

[PDF] Mach-O Libre – Mach-O Libre: Pile Driving Apple Malware with Static Analysis, Big-Data, and Automation. Accompanying presentation for the tool that was in my last update. Great Mach-O info!

[PDF] Java RATs: Not Even Your Macs Are Safe

 

Tools:

[LINK] PoC code for iCloud Keychain Analysis by n0fate, presentation (in Korean) can be found here.

[LINK] FSMon by Sergi Àlvarez at Nowsecure – File system monitor tools for iOS/OSX/Android/etc now updated to v1.4

 

Blogs:

[LINK] Adam Leventhal’s Blog – APFS in Detail

[LINK] Marc Padilla - Using File Attributes to Fill Volumes and Bypass OS X Server Limits

[LINK] Harden The World – OS X 10.11 Hardening Guide

[LINK] @osxreverser – ‘Apple EFI firmware passwords and the SCBO myth’

[LINK] Blackbag Technologies Blog – Did the iPhone Take the Picture?

 

Media:

[WEBCAST] My iOS Location Forensics webcast from May is up.

[WEBCAST] Joshua Wright’s webcast, ‘What You Need to Know: iOS 10 Security’

[VIDEO] Attacking OSX for fun and profit Toolset Limitations Frustration and Table Flipping by Dan ‘Viss’ Tentler from CircleCityCon

[AUDIO] ThreatPost - Patrick Wardle on macOS Gatekeeper, Crypto Enhancements

 

Publications: 

[PDF] DRAFT SP 800-179 - Guide to Securing Apple OS X 10.10 Systems for IT Professionals: A NIST Security Configuration Checklist

 

My Upcoming Classes & Presentations:

I’ll be teaching my SANS FOR518 – Mac Forensic Analysis class at the following conferences; there are some bonus @Night presentations as well! I hope to see many of you at one of these conferences some day!

[LINK] SANS Virginia Beach (Aug 28 – Sept 2) - This conference is right on the beach and makes it a really nice one to go to at the end of the summer season. Class during the day, walking the boardwalk in the breezy late summer evening!  

  • @Night – The iOS of Sauron- How iOS Tracks Everything You Do

[LINK] SANS Network Security (Sept 12 – 17 in Las Vegas, NV) - Vegas is always a good time, and the weather in September isn’t too shabby either!

  • @Night – The iOS of Sauron- How iOS Tracks Everything You Do

[LINK] SANS DFIR Prague (Oct 3 – 8 in the Czech Republic), Stay for the Summit on the 9th!

[LINK] SANS San Francisco (Nov 27 – Dec 2)

  • @Night – iOS Location Forensics

[LINK] SANS Cyber Defense Initiative (Dec 12 – 17 in Washington, DC)

  • @Night – The iOS of Sauron- How iOS Tracks Everything You Do

[LINK] SANS Cyber Threat Intelligence Summit (Jan 25 – 30 in Arlington, VA)