In our recent post, How Malware Persists on macOS, we discussed the ways that threat actors can ensure that, once they’ve breached a macOS device, their malicious code will survive a logout or device restart. But persistence is only one element of the cyber kill chain, and some threat actors are known to shun persistence in favor of either one-time infections or a reusable vulnerability to remain stealthy. Then there’s the possibility of malware achieving its objectives and cleaning up after itself, effectively aiming to leave without a trace. Clearly, just looking for persistence items isn’t sufficient for threat hunting, so in this post we’ll take a deeper dive into how you can hunt for threats on a macOS device.

How you go about hunting down malware on a macOS endpoint depends a great deal on what access you have to the device and what kind of software is currently running on it. Of course, if you have a SentinelOne-protected Mac, for example, you can do a lot of your hunting right there in the management console or by using the remote shell capability, but for the purposes of this post, we’re going to take an unprotected device and see how we can detect any hidden malware on it. The principles remain the same if you have a protected device, and understanding what and where to look will help you use any threat hunting software you may already have more effectively.