Nothing but Net: Leveraging macOS's Networking Frameworks to Heuristically Detect Malware

Learn to detect malware using macOS networking frameworks and techniques, while preserving performance and compatibility.

Key takeaways
  • Apple's private plugins remain a grey area between legitimate and malicious use
  • Focuses on host-based network monitoring rather than signature-based or behavioral detection
  • Uses a DNS monitor to detect malware
  • The BlockBlock tool is used to block connections to command-and-control servers
  • Uses the network statistics framework to detect suspicious network activity
  • Importance of identifying the responsible process
  • Observes network events to detect malware
  • Performance and dependencies
  • Solving the problem of observers and detectors
  • Classifying processes and backward compatibility
  • Some challenges and compromises already faced
  • There are many ways to approach this process