Mw arch mac_tips and tricks v1.0
1. Securing your MAC and Safe Surfing, Tips and Tricks
Michael Gough – Founder
MalwareArchaeology.com
2. Who am I
• Blue Team Defender Ninja, Malware Archaeologist, Logoholic
• I love “properly” configured logs – they tell us Who, What, Where, When and hopefully How
Creator of
“Windows Logging Cheat Sheet”
“Windows File Auditing Cheat Sheet”
“Windows Registry Auditing Cheat Sheet”
“Windows PowerShell Logging Cheat Sheet”
“Windows Splunk Logging Cheat Sheet”
“Malware Management Framework”
• Co-Creator of “Log-MD” – Log Malicious Discovery Tool
– With @Boettcherpwned – Brakeing Down Security PodCast
• @HackerHurricane also my Blog
8. AV for the Mac
• Stick with the BIG names
• Free is NOT better
• Sophos
9. Gatekeeper
• Designed to protect users by only allowing “approved” software
• Patrick Wardle with SynAck found a vulnerability in 2015
• Apple issued a patch in January 2016
• Most MAC infections will come from users installing bad or malicious software
10. RansomWare
• The first MAC RansomWare was seen in 2016
– KeRanger
• Fake BitTorrent client
• User approves and installs
12. Little Snitch
• Firewall / Network Monitor App
• Watches any communication and alerts you to outbound traffic
• https://www.obdev.at/products/littlesnitch/index.html
13. A MUST HAVE website
• https://objective-see.com/index.html
15. Logging
System log
• The main system log is found simply by opening the Console application. It is found in the "Utilities" folder inside the computer's "Applications" folder.
Printing logs
• The CUPS printing subsystem in Mac OS X 10.2 and later keeps its logs in the following location:
– /var/log/cups/error_log
Crash logs
• When individual applications like Microsoft Word or Apple Mail crash, the operating system will create a crash log. These log files are organized by application and stored in:
– ~/Library/Logs/
• The crash logs can be opened in the Console utility, or displayed in the Apple System Profiler program.
• Crash logs may be useful to technical staff. They can be invaluable to vendors wishing to fix problems in programs, as well.
Kernel panic log
• A kernel panic is a very rare event in Mac OS X. In Mac OS X 10.2, you will see the following information on your screen if you have a kernel panic:
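As an added example (not part of the original slides), the script below checks the log locations the slide names and summarises crash logs per application. The ROOT and HOME arguments are assumptions added so it can be run against a constructed directory tree; /var/log/system.log and the App_date_host.crash file naming are also assumptions, not stated on the slide.

```shell
#!/bin/sh
# Added example, not from the slides: inventory the macOS log locations
# named on the Logging slide and summarise crash logs by application.
# ROOT (arg 1, default "/") and HOME_DIR (arg 2, default $HOME) are
# assumptions so the functions can be pointed at a constructed tree.

# Report each expected log location as "present" or "missing".
# /var/log/system.log is an assumed path for the main system log.
mac_log_inventory() {
    root="${1:-/}";  root="${root%/}"
    home="${2:-$HOME}"; home="${home%/}"
    for p in "$root/var/log/system.log" \
             "$root/var/log/cups/error_log" \
             "$home/Library/Logs"; do
        if [ -e "$p" ]; then
            echo "present $p"
        else
            echo "missing $p"
        fi
    done
}

# Count *.crash files under ~/Library/Logs grouped by application.
# Assumes the App_YYYY-MM-DD-HHMMSS_host.crash naming convention, so the
# text before the first underscore is the application name.
crash_log_summary() {
    logs="${1:-$HOME/Library/Logs}"
    find "$logs" -type f -name '*.crash' 2>/dev/null \
        | sed 's#.*/##; s/_.*//' \
        | sort | uniq -c | sort -rn
}

# Stand-alone run against the live system (or a supplied root/home).
main() {
    mac_log_inventory "${1:-/}" "${2:-$HOME}"
    echo "--- crash logs per application ---"
    crash_log_summary "${2:-$HOME}/Library/Logs"
}
```

Run it as `sh script.sh` on a Mac, or `sh script.sh /some/root /some/home` to point it at a copied tree taken from an imaged system.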
16. Logging
• You may want additional debug information
• You have to enable it
• sudo launchctl log level debug
17. Logging
Console – Built in App
– Applications – Utilities – Console
3rd Party log viewers
• LogrPro
– https://lograpp.wordpress.com/
• Log File Navigator
– http://lnav.org/
18. Logging
• LogTail App – can do over SSH
– http://www.logtailapp.com/
• LogMX – CSV
– http://www.logmx.com/download
• LogDiver
– http://www.logdiver.com/
24. You a Windows user?
• New tool to help you audit the logging settings
• Helps you enable the proper logging
• Harvests the logs only if properly set
• Performs full filesystem hash baseline
• Performs full registry baseline
• SRUM data from Win 8.1 and 10
• AutoRuns report
• 25+ reports
25. Resources
• Websites
– MalwareArchaeology.com
– Log-MD.com – The tool
• The “Windows Logging Cheat Sheet”
– MalwareArchaeology.com
• Malware Analysis Report links too
– To start your Malware Management program
26. Questions?
• You can find us at:
• @HackerHurricane
• Log-MD.com
• MalwareArchaeology.com
• HackerHurricane.com (blog)
• http://www.slideshare.net