Sign up to save your podcasts
Or
Share Jaron Bradley: Securing Enterprise macOS
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Jaron Bradley: Securing Enterprise macOS
Click here to send us your ideas and feedback on Blueprint!
In this episode of the Blueprint Podcast, we cover monitoring and securing macOS in an enterprise environment at scale with Jaron Bradley, Threat Detection lead at Jamf. We discuss the ups and downs of Apple's approach to macOS data collection over the years, the data sources and types that are accessible to defenders, what 3rd party agents bring to the table for security monitoring, and much more. Plus, Jaron gives us some great bonus tips for finding persistence mechanisms and malicious processes in enterprise macOS devices.
Our Guest - Jaron Bradley
Jaron has a background in Incident Response, threat hunting, and detections development. After focusing on large scale APT attacks he developed an interest in the more niche spaces of lesser explored operating systems. He has experience as both a SOC analyst as well as detections engineering at the endpoint level.Jaron currently works as the macOS Detections Lead at Jamf Threat Labs and manages his own security tools and content for security researchers atthemittenmac.com. He is also the author of OS X Incident Response Scripting and Analysis. A book he claims is slightly outdated but still relevant to a lot of macOS analysis today.
Resources mentioned in this episode
Websites
- https://www.themittenmac.com (my website)
- objective-see.com (great mac security website)
- Major Blogs Referenced by Jamf Threat Labs
- https://www.jamf.com/blog/shlayer-malware-abusing-gatekeeper-bypass-on-macos/
- https://www.jamf.com/blog/zero-day-tcc-bypass-discovered-in-xcsset-malware/
- https://www.jamf.com/blog/jamf-threat-labs-safari-vuln-gatekeeper-bypass/
- https://www.jamf.com/threat-labs/ (threat labs home)
Conferences
- Jamf Nation User Conference -> https://www.jamf.com/events/jamf-nation-user-conference/2022/
- Objective by the sea 5.0 ->
Check out John's SOC Training Courses for SOC Analysts and Leaders:
- SEC450: SOC Analyst Training - Applied Skills for Cyber Defense Operations
- LDR551: Building and Leader Security Operations Centers
Follow and Connect with John: LinkedIn
View all episodes
By SANS Institute
4.9
131131 ratings
Click here to send us your ideas and feedback on Blueprint!
In this episode of the Blueprint Podcast, we cover monitoring and securing macOS in an enterprise environment at scale with Jaron Bradley, Threat Detection lead at Jamf. We discuss the ups and downs of Apple's approach to macOS data collection over the years, the data sources and types that are accessible to defenders, what 3rd party agents bring to the table for security monitoring, and much more. Plus, Jaron gives us some great bonus tips for finding persistence mechanisms and malicious processes in enterprise macOS devices.
Our Guest - Jaron Bradley
Jaron has a background in Incident Response, threat hunting, and detections development. After focusing on large scale APT attacks he developed an interest in the more niche spaces of lesser explored operating systems. He has experience as both a SOC analyst as well as detections engineering at the endpoint level.Jaron currently works as the macOS Detections Lead at Jamf Threat Labs and manages his own security tools and content for security researchers atthemittenmac.com. He is also the author of OS X Incident Response Scripting and Analysis. A book he claims is slightly outdated but still relevant to a lot of macOS analysis today.
Resources mentioned in this episode
Websites
- https://www.themittenmac.com (my website)
- objective-see.com (great mac security website)
- Major Blogs Referenced by Jamf Threat Labs
- https://www.jamf.com/blog/shlayer-malware-abusing-gatekeeper-bypass-on-macos/
- https://www.jamf.com/blog/zero-day-tcc-bypass-discovered-in-xcsset-malware/
- https://www.jamf.com/blog/jamf-threat-labs-safari-vuln-gatekeeper-bypass/
- https://www.jamf.com/threat-labs/ (threat labs home)
Conferences
- Jamf Nation User Conference -> https://www.jamf.com/events/jamf-nation-user-conference/2022/
- Objective by the sea 5.0 ->
Check out John's SOC Training Courses for SOC Analysts and Leaders:
- SEC450: SOC Analyst Training - Applied Skills for Cyber Defense Operations
- LDR551: Building and Leader Security Operations Centers
Follow and Connect with John: LinkedIn
More shows like Blueprint: Build the Best in Cyber Defense
View all
Security Now (Audio)
1,986 Listeners
Risky Business
364 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
639 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
370 Listeners
CyberWire Daily
1,018 Listeners
Smashing Security
318 Listeners
Click Here
406 Listeners
Darknet Diaries
7,951 Listeners
CISO Series Podcast
189 Listeners
![Talkin' About [Infosec] News, Powered by Black Hills Information Security by Black Hills Information Security](https://podcast-api-images.s3.amazonaws.com/corona/show/516141/logo_300x300.jpeg){kind=logo}
Talkin' About [Infosec] News, Powered by Black Hills Information Security
92 Listeners
Defense in Depth
77 Listeners
Cyber Security Headlines
129 Listeners
How to Fix the Internet
118 Listeners
Cloud Security Podcast by Google
39 Listeners
Risky Bulletin
43 Listeners