SlideShare a Scribd company logo

Mw arch mac_tips and tricks v1.0

Michael Gough, profile picture
Michael Gough

The document provides security tips for Mac users, emphasizing that Macs are not immune to malware as usage and threats increase. It highlights essential security measures such as using reputable antivirus software, monitoring network traffic with tools like Little Snitch, and maintaining proper logging systems. It offers resources for safe browsing and additional tools for enhancing security on Mac systems.

Technology
Related topics:
Information Security
1 of 26
Downloaded 19 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
Securing your MAC and Safe Surfing, Tips and Tricks Michael Gough – Founder MalwareArchaeology.com MalwareArchaeology.com
Who am I • Blue Team Defender Ninja, Malware Archaeologist, Logoholic • I love “properly” configured logs – they tell us Who, What, Where, When and hopefully How Creator of “Windows Logging Cheat Sheet” “Windows File Auditing Cheat Sheet” “Windows Registry Auditing Cheat Sheet” “Windows PowerShell Logging Cheat Sheet” “Windows Splunk Logging Cheat Sheet” “Malware Management Framework” • Co-Creator of “Log-MD” – Log Malicious Discovery Tool – With @Boettcherpwned – Brakeing Down Security PodCast • @HackerHurricane also my Blog MalwareArchaeology.com
Stats MalwareArchaeology.com
MAC’s don’t get viruses • Wrong ! • MAC use is growing • More malware – 815 in 2015 • AV-Test states 0.06% – Windows is KING MalwareArchaeology.com
MAC Malware • Most are Unwanted Applications - USER MalwareArchaeology.com
MAC Malware MalwareArchaeology.com
MAC Malware MalwareArchaeology.com
AV for the Mac • Stick with the BIG names • Free is NOT better • Sophos MalwareArchaeology.com
Gatekeeper • Designed to protect users by only allowing “approved” software • Patrick Wardle with SynAck found a vulnerability in 2015 • Apple issued a patch in January 2016 • Most MAC infections will come from users installing bad or malicious software MalwareArchaeology.com
RansomWare • This first MAC RansomWare was seen in 2016 – KeRanger • Fake BitTorrent client • User approves and installs MalwareArchaeology.com
Tools MalwareArchaeology.com
Little Snitch • Firewall / Network Monitor App • Watches any communication and alerts you to outbound traffic • https://www.obdev.at/products/littlesnitch/in dex.html MalwareArchaeology.com
A MUST HAVE website • https://objective-see.com/index.html MalwareArchaeology.com
Logging MalwareArchaeology.com
Logging System log • The main system log is found simply by opening the Console application. It is found in the "Utilities" folder inside the computer's "Applications" folder. Printing logs • The CUPS printing subsystem in Mac OS X 10.2 and later keeps its logs in the following location: – /var/log/cups/error_log Crash logs • When individual applications like Microsoft Word or Apple Mail crash, the operating system will create a crash log. These log files are organized by application and stored in: – ~/Library/Logs/ • The crash logs can be opened in the Console utility, or displayed in the Apple System Profiler program. • Crash logs may be useful to technical staff. They can be invaluable to vendors wishing to fix problems in programs, as well. Kernel panic log • A kernel panic is a very rare event in Mac OS X. In Mac OS X 10.2, you will see the following information on your screen if you have a kernel panic: MalwareArchaeology.com
Logging • You may want additional debug information • You have to enable it • sudo launchctl log level debug MalwareArchaeology.com
Logging Console – Built in App – Applications – Utilities - Console 3rd Party log viewers • LogrPro – https://lograpp.wordpress.com/ • Log File Navigator – http://lnav.org/ MalwareArchaeology.com
Logging • LogTail App – can do over SSH – http://www.logtailapp.com/ • LogMX – CSV – http://www.logmx.com/download • LogDiver – http://www.logdiver.com/ MalwareArchaeology.com
Cron files • Scheduled jobs Cron tabs • /etc/crontab • /usr/lib/cron/tabs/* MalwareArchaeology.com
The Web MalwareArchaeology.com
Safe Browsing • Aviator – Secure by design – https://www.whitehatsec.com/terms-conditions/aviator/ Safari • Incognito for Safari – Surf anonymously • Web of Trust (WOT) – URL reputation MalwareArchaeology.com
Safe Browsing Plugins for Chrome and FireFox • LastPass – Password manager • Xmarks – bookmark sync • HTTPS Everywhere – Force HTTPS • uBlock Origin – Block offsite content • Ad Block+ - Block Ads • Web of Trust (WOT) – URL reputation MalwareArchaeology.com
Windoz MalwareArchaeology.com
You a Windows user? • New tool to help you audit the logging settings • Helps you enable the proper logging • Harvests the logs only if properly set • Performs full filesystem hash baseline • Performs full registry baseline • SRUM data from Win 8.1 and 10 • AutoRuns report • 25+ reports MalwareArchaeology.com
Resources • Websites – MalwareArchaeology.com – Log-MD.com The tool • The “Windows Logging Cheat Sheet” – MalwareArchaeology.com • Malware Analysis Report links too – To start your Malware Management program MalwareArchaeology.com
Questions? • You can find us at: • @HackerHurricane • Log-MD.com • MalwareArchaeology.com • HackerHurricane.com (blog) • http://www.slideshare.net MalwareArchaeology.com

More Related Content

PDF
RMISC logging for hackers
Michael Gough
 
PDF
What can you do about ransomware
Michael Gough
 
PDF
Logging for Hackers - What you need to know to catch them
Michael Gough
 
PDF
Deeplook into apt and how to detect and defend v1.0
Michael Gough
 
PDF
Logging for hackers SAINTCON
Michael Gough
 
PDF
Secure Yourself, Practice what we preach - BSides Austin 2015
Michael Gough
 
PDF
Email keeps getting us pwned v1.1
Michael Gough
 
PDF
Sandbox vs manual analysis v2.1
Michael Gough
 
RMISC logging for hackers
Michael Gough
 
What can you do about ransomware
Michael Gough
 
Logging for Hackers - What you need to know to catch them
Michael Gough
 
Deeplook into apt and how to detect and defend v1.0
Michael Gough
 
Logging for hackers SAINTCON
Michael Gough
 
Secure Yourself, Practice what we preach - BSides Austin 2015
Michael Gough
 
Email keeps getting us pwned v1.1
Michael Gough
 
Sandbox vs manual analysis v2.1
Michael Gough
 

What's hot (20)

PDF
Email keeps getting us pwned - Avoiding Ransomware and malware
Michael Gough
 
PDF
DIR ISF - Email keeps getting us pwned v1.1
Michael Gough
 
PDF
Info sec is not daunting v1.0
Michael Gough
 
PDF
MW_Arch Fastest_way_to_hunt_on_Windows_v1.01
Michael Gough
 
PDF
Email keeps getting us pwned v1.0
Michael Gough
 
PDF
Sandbox vs manual malware analysis v1.1
Michael Gough
 
PDF
Finding attacks with these 6 events
Michael Gough
 
PDF
Ask a Malware Archaeologist
Michael Gough
 
PDF
InnoTech 2017_Defend_Against_Ransomware 3.0
Michael Gough
 
PDF
Commodity malware means YOU
Michael Gough
 
PDF
Logging for Hackers v1.0
Michael Gough
 
PDF
Proper logging can catch breaches like retail PoS
Michael Gough
 
PDF
Logs, Logs, Logs - What you need to know to catch a thief
Michael Gough
 
PDF
Malware Management - HouSecCon 2014
Michael Gough
 
PDF
Windows IR made easier and faster v1.0
Michael Gough
 
PDF
You need a PROcess to catch running processes and their modules_v2.0
Michael Gough
 
PDF
BSidesOK_You_CAN_detect_PowerShell_attacks_v1.1
Michael Gough
 
PDF
Cred stealing emails bsides austin_2018 v1.0
Michael Gough
 
PDF
Detecting WMI Exploitation v1.1
Michael Gough
 
PDF
EDR, ETDR, Next Gen AV is all the rage, so why am I ENRAGED?
Michael Gough
 
Email keeps getting us pwned - Avoiding Ransomware and malware
Michael Gough
 
DIR ISF - Email keeps getting us pwned v1.1
Michael Gough
 
Info sec is not daunting v1.0
Michael Gough
 
MW_Arch Fastest_way_to_hunt_on_Windows_v1.01
Michael Gough
 
Email keeps getting us pwned v1.0
Michael Gough
 
Sandbox vs manual malware analysis v1.1
Michael Gough
 
Finding attacks with these 6 events
Michael Gough
 
Ask a Malware Archaeologist
Michael Gough
 
InnoTech 2017_Defend_Against_Ransomware 3.0
Michael Gough
 
Commodity malware means YOU
Michael Gough
 
Logging for Hackers v1.0
Michael Gough
 
Proper logging can catch breaches like retail PoS
Michael Gough
 
Logs, Logs, Logs - What you need to know to catch a thief
Michael Gough
 
Malware Management - HouSecCon 2014
Michael Gough
 
Windows IR made easier and faster v1.0
Michael Gough
 
You need a PROcess to catch running processes and their modules_v2.0
Michael Gough
 
BSidesOK_You_CAN_detect_PowerShell_attacks_v1.1
Michael Gough
 
Cred stealing emails bsides austin_2018 v1.0
Michael Gough
 
Detecting WMI Exploitation v1.1
Michael Gough
 
EDR, ETDR, Next Gen AV is all the rage, so why am I ENRAGED?
Michael Gough
 
Ad

Similar to Mw arch mac_tips and tricks v1.0 (20)

PPTX
Application Explosion How to Manage Productivity vs Security
Lumension
 
PDF
CMS Hacking Tricks - DerbyCon 4 - 2014
Greg Foss
 
PDF
When Security Tools Fail You
Michael Gough
 
PDF
Attacking and Defending Mobile Applications
Jerod Brennen
 
PDF
Sophisticated Attacks - Can We Really Detect Them _v1.2.pdf
Michael Gough
 
PPTX
Manual JavaScript Analysis Is A Bug
Lewis Ardern
 
PPTX
Security Vulnerabilities in Mobile Applications (Kristaps Felzenbergs)
TestDevLab
 
PDF
Can_We_Really_Detect_These_So_Called_Sophisticated_Attacks?
Michael Gough
 
PPTX
Building your Open Source Security stack
Héctor Eryx Paredes Camacho
 
PDF
Computer security
Mohamed Abdo
 
PDF
SANS Digital Forensics and Incident Response Poster 2012
Rian Yulian
 
PDF
Construye tu stack de ciberseguridad con open source
Software Guru
 
PDF
VoxxedDays Luxembourg - Abuse web browsers for fun & profits - Dominique Righ...
YaJUG
 
PDF
soctool.pdf
nitinscribd
 
PPTX
Java Web Security Class
Rich Helton
 
PDF
Defending against Ransomware and what you can do about it
JoAnna Cheshire
 
PPTX
OSX/Pirrit: The blue balls of OS X adware
Amit Serper
 
PPTX
Malware Analysis
Ramin Farajpour Cami
 
PDF
CNIT 152: 12 Investigating Windows Systems (Part 2 of 3)
Sam Bowne
 
PDF
Securing the Apache web server
webhostingguy
 
Application Explosion How to Manage Productivity vs Security
Lumension
 
CMS Hacking Tricks - DerbyCon 4 - 2014
Greg Foss
 
When Security Tools Fail You
Michael Gough
 
Attacking and Defending Mobile Applications
Jerod Brennen
 
Sophisticated Attacks - Can We Really Detect Them _v1.2.pdf
Michael Gough
 
Manual JavaScript Analysis Is A Bug
Lewis Ardern
 
Security Vulnerabilities in Mobile Applications (Kristaps Felzenbergs)
TestDevLab
 
Can_We_Really_Detect_These_So_Called_Sophisticated_Attacks?
Michael Gough
 
Building your Open Source Security stack
Héctor Eryx Paredes Camacho
 
Computer security
Mohamed Abdo
 
SANS Digital Forensics and Incident Response Poster 2012
Rian Yulian
 
Construye tu stack de ciberseguridad con open source
Software Guru
 
VoxxedDays Luxembourg - Abuse web browsers for fun & profits - Dominique Righ...
YaJUG
 
soctool.pdf
nitinscribd
 
Java Web Security Class
Rich Helton
 
Defending against Ransomware and what you can do about it
JoAnna Cheshire
 
OSX/Pirrit: The blue balls of OS X adware
Amit Serper
 
Malware Analysis
Ramin Farajpour Cami
 
CNIT 152: 12 Investigating Windows Systems (Part 2 of 3)
Sam Bowne
 
Securing the Apache web server
webhostingguy
 
Ad

More from Michael Gough (8)

PDF
Hacking a backup power solution(s) for your home, Tornado tested!
Michael Gough
 
PDF
My InfoSec journey led me to create my own IR tools, how, and why you should too
Michael Gough
 
PPTX
Incident Response Fails
Michael Gough
 
PDF
Windows Incident Response is hard, but doesn't have to be
Michael Gough
 
PDF
Introducing ArTHIR - ATT&CK Remote Threat Hunting Incident Response Windows tool
Michael Gough
 
PDF
MITRE AttACK framework it is time you took notice_v1.0
Michael Gough
 
PDF
You can detect PowerShell attacks
Michael Gough
 
PDF
Proper logging can catch breaches like retail PoS
Michael Gough
 
Hacking a backup power solution(s) for your home, Tornado tested!
Michael Gough
 
My InfoSec journey led me to create my own IR tools, how, and why you should too
Michael Gough
 
Incident Response Fails
Michael Gough
 
Windows Incident Response is hard, but doesn't have to be
Michael Gough
 
Introducing ArTHIR - ATT&CK Remote Threat Hunting Incident Response Windows tool
Michael Gough
 
MITRE AttACK framework it is time you took notice_v1.0
Michael Gough
 
You can detect PowerShell attacks
Michael Gough
 
Proper logging can catch breaches like retail PoS
Michael Gough
 

Recently uploaded (20)

PDF
A comparative study of natural language inference in Swahili using monolingua...
IAESIJAI
 
PPTX
OMC Textile Division Presentation 2021.pptx
JahangirAlam816069
 
PPTX
cloud_computing_Infrastucture_as_cloud_p
mainakbhattacharya20
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PPTX
1. Introduction to Computer Programming.pptx
bonakiduza1024
 
PDF
DP Operators-handbook-extract for the Mautical Institute
LeonelMejiaLarios
 
PDF
Hybrid model detection and classification of lung cancer
IAESIJAI
 
PDF
From MVP to Full-Scale Product A Startup’s Software Journey.pdf
KodekX
 
PDF
Accuracy of neural networks in brain wave diagnosis of schizophrenia
IAESIJAI
 
PDF
Microsoft Solutions Partner Drive Digital Transformation with D365.pdf
Microsoft Dynamics
 
PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PDF
WOOl fibre morphology and structure.pdf for textiles
Rajendrakumar868651
 
PDF
A novel scalable deep ensemble learning framework for big data classification...
IAESIJAI
 
PDF
A comparative analysis of optical character recognition models for extracting...
IAESIJAI
 
PDF
ENT215_Completing-a-large-scale-migration-and-modernization-with-AWS.pdf
ssuser28425f
 
PPTX
TLE Review Electricity (Electricity).pptx
JayPolicarpio2
 
PDF
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
PPTX
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
PPTX
TechTalks-8-2019-Service-Management-ITIL-Refresh-ITIL-4-Framework-Supports-Ou...
bonakiduza1024
 
PDF
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
A comparative study of natural language inference in Swahili using monolingua...
IAESIJAI
 
OMC Textile Division Presentation 2021.pptx
JahangirAlam816069
 
cloud_computing_Infrastucture_as_cloud_p
mainakbhattacharya20
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
1. Introduction to Computer Programming.pptx
bonakiduza1024
 
DP Operators-handbook-extract for the Mautical Institute
LeonelMejiaLarios
 
Hybrid model detection and classification of lung cancer
IAESIJAI
 
From MVP to Full-Scale Product A Startup’s Software Journey.pdf
KodekX
 
Accuracy of neural networks in brain wave diagnosis of schizophrenia
IAESIJAI
 
Microsoft Solutions Partner Drive Digital Transformation with D365.pdf
Microsoft Dynamics
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
WOOl fibre morphology and structure.pdf for textiles
Rajendrakumar868651
 
A novel scalable deep ensemble learning framework for big data classification...
IAESIJAI
 
A comparative analysis of optical character recognition models for extracting...
IAESIJAI
 
ENT215_Completing-a-large-scale-migration-and-modernization-with-AWS.pdf
ssuser28425f
 
TLE Review Electricity (Electricity).pptx
JayPolicarpio2
 
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
TechTalks-8-2019-Service-Management-ITIL-Refresh-ITIL-4-Framework-Supports-Ou...
bonakiduza1024
 
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 

Mw arch mac_tips and tricks v1.0

  • 1. Securing your MAC and Safe Surfing, Tips and Tricks Michael Gough – Founder MalwareArchaeology.com MalwareArchaeology.com
  • 2. Who am I • Blue Team Defender Ninja, Malware Archaeologist, Logoholic • I love “properly” configured logs – they tell us Who, What, Where, When and hopefully How Creator of “Windows Logging Cheat Sheet” “Windows File Auditing Cheat Sheet” “Windows Registry Auditing Cheat Sheet” “Windows PowerShell Logging Cheat Sheet” “Windows Splunk Logging Cheat Sheet” “Malware Management Framework” • Co-Creator of “Log-MD” – Log Malicious Discovery Tool – With @Boettcherpwned – Brakeing Down Security PodCast • @HackerHurricane also my Blog MalwareArchaeology.com
  • 4. MAC’s don’t get viruses • Wrong ! • MAC use is growing • More malware – 815 in 2015 • AV-Test states 0.06% – Windows is KING MalwareArchaeology.com
  • 5. MAC Malware • Most are Unwanted Applications - USER MalwareArchaeology.com
  • 8. AV for the Mac • Stick with the BIG names • Free is NOT better • Sophos MalwareArchaeology.com
  • 9. Gatekeeper • Designed to protect users by only allowing “approved” software • Patrick Wardle with SynAck found a vulnerability in 2015 • Apple issued a patch in January 2016 • Most MAC infections will come from users installing bad or malicious software MalwareArchaeology.com
  • 10. RansomWare • This first MAC RansomWare was seen in 2016 – KeRanger • Fake BitTorrent client • User approves and installs MalwareArchaeology.com
  • 12. Little Snitch • Firewall / Network Monitor App • Watches any communication and alerts you to outbound traffic • https://www.obdev.at/products/littlesnitch/in dex.html MalwareArchaeology.com
  • 13. A MUST HAVE website • https://objective-see.com/index.html MalwareArchaeology.com
  • 15. Logging System log • The main system log is found simply by opening the Console application. It is found in the "Utilities" folder inside the computer's "Applications" folder. Printing logs • The CUPS printing subsystem in Mac OS X 10.2 and later keeps its logs in the following location: – /var/log/cups/error_log Crash logs • When individual applications like Microsoft Word or Apple Mail crash, the operating system will create a crash log. These log files are organized by application and stored in: – ~/Library/Logs/ • The crash logs can be opened in the Console utility, or displayed in the Apple System Profiler program. • Crash logs may be useful to technical staff. They can be invaluable to vendors wishing to fix problems in programs, as well. Kernel panic log • A kernel panic is a very rare event in Mac OS X. In Mac OS X 10.2, you will see the following information on your screen if you have a kernel panic: MalwareArchaeology.com
  • 16. Logging • You may want additional debug information • You have to enable it • sudo launchctl log level debug MalwareArchaeology.com
  • 17. Logging Console – Built in App – Applications – Utilities - Console 3rd Party log viewers • LogrPro – https://lograpp.wordpress.com/ • Log File Navigator – http://lnav.org/ MalwareArchaeology.com
  • 18. Logging • LogTail App – can do over SSH – http://www.logtailapp.com/ • LogMX – CSV – http://www.logmx.com/download • LogDiver – http://www.logdiver.com/ MalwareArchaeology.com
  • 19. Cron files • Scheduled jobs Cron tabs • /etc/crontab • /usr/lib/cron/tabs/* MalwareArchaeology.com
  • 21. Safe Browsing • Aviator – Secure by design – https://www.whitehatsec.com/terms-conditions/aviator/ Safari • Incognito for Safari – Surf anonymously • Web of Trust (WOT) – URL reputation MalwareArchaeology.com
  • 22. Safe Browsing Plugins for Chrome and FireFox • LastPass – Password manager • Xmarks – bookmark sync • HTTPS Everywhere – Force HTTPS • uBlock Origin – Block offsite content • Ad Block+ - Block Ads • Web of Trust (WOT) – URL reputation MalwareArchaeology.com
  • 24. You a Windows user? • New tool to help you audit the logging settings • Helps you enable the proper logging • Harvests the logs only if properly set • Performs full filesystem hash baseline • Performs full registry baseline • SRUM data from Win 8.1 and 10 • AutoRuns report • 25+ reports MalwareArchaeology.com
  • 25. Resources • Websites – MalwareArchaeology.com – Log-MD.com The tool • The “Windows Logging Cheat Sheet” – MalwareArchaeology.com • Malware Analysis Report links too – To start your Malware Management program MalwareArchaeology.com
  • 26. Questions? • You can find us at: • @HackerHurricane • Log-MD.com • MalwareArchaeology.com • HackerHurricane.com (blog) • http://www.slideshare.net MalwareArchaeology.com