@BlackHatOfficialYT
Black Hat | Nothing but Net: Leveraging macOS's Networking Frameworks to Heuristically Detect Malware @BlackHatOfficialYT | Uploaded 8 months ago | Updated 17 hours ago
As the majority of malware contains networking capabilities, it is well understood that detecting unauthorized network access is a powerful detection heuristic. However, while the concepts of network traffic analysis and monitoring to detect malicious code are well established and widely implemented on platforms such as Windows, there remains a dearth of such capabilities on macOS.

This talk aims to remedy this situation by delving deeply into a myriad of programmatic approaches capable of enumerating network state, statistics, and traffic, directly on a macOS host....

By: Patrick Wardle

Full Abstract and Presentation Materials: blackhat.com/us-23/briefings/schedule/#nothing-but-net-leveraging-macoss-networking-frameworks-to-heuristically-detect-malware-32583