Attendees will learn how to use Apple's Endpoint Security API as an event source to build behavior-based detections. This session will explore the difference between old and new ways of detecting malicious activity on Mac, how to use (often overlooked) process field information, and how to use ES events to determine when more advanced system exploitation is occurring.


RSAC 2023 brought together thousands of cybersecurity professionals for four incredible days of expert perspectives, groundbreaking innovation, and best practices. 

MacOS Behavioral Detections using Apple Endpoint Security API

Conference: RSA Conference 2023

Authors: Matt Benyo, Jaron Bradley

Abstract

Post a comment

Related work

Leveraging the Apple ESF for Behavioral Detections

Getting The Most Out Of Sysmon

Office Drama on macOS

Detecting Malicious Cloud Account Behavior: A Look at the New Native Platform Capabilities

Use & Abuse of Personal Information

Bot or human? Detecting malicious bots with machine learning in 2021