atlas sardines
Protecting your Mac
Anti-virus products are great, albeit not the most effective piece of software. If you are technically inclined, you can protect your Mac from malware with various tools, from custom made to off the shelf. Anti-virus products don't let me tinker with them to understand what happens: they show me the end result but not how we got there, which I can understand, since that's their money maker. Open source tools, or the ones we build ourselves, can give us more insight. Having previously worked as a blue teamer, I have a few tools I use to protect my Mac. They resemble the ones usually run by a threat hunting team, but they are not packaged as a single binary and come without all the telemetry: everything is local. I will share them with you here.
In the grand scheme of things, this is what you should monitor:
- persistent scripts
- network connections
- physical access
- currently running processes

Tools by category:
- Persistence
  - KnockKnock - monitors for persistent scripts
  - BlockBlock - blocks common persistence locations
- Network
  - LuLu - firewall on a per-app basis - will ask for your approval before establishing a new connection - very useful: you can see which port, protocol and remote DNS name, along with the binary (which we can submit to VT) and its ancestry
  - Netiquette - monitors for network connections
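As an added example of the "build it ourselves" approach (this is not code from the post, nor from KnockKnock or any other Objective-See tool), here is a minimal persistence check for the launchd plists that KnockKnock-style tools enumerate: it parses each plist, extracts what the job runs, and flags the indicators a threat hunter looks at first. The directory list, the indicator rules and the sample plist are my own assumptions, constructed for the example.

```python
import os
import plistlib

# launchd persistence locations this example reads; assumed, adjust to taste.
LAUNCHD_DIRS = ["/Library/LaunchAgents", "/Library/LaunchDaemons",
                os.path.expanduser("~/Library/LaunchAgents")]
# Temp, shared or hidden paths are unusual homes for a legitimate launchd job.
ODD_PREFIXES = ("/tmp/", "/private/tmp/", "/var/tmp/", "/Users/Shared/")
INTERPRETERS = {"sh", "bash", "zsh", "osascript", "python", "python3", "perl", "curl"}

# Constructed sample plist (not taken from any real machine) to demonstrate the checks.
SAMPLE_PLIST = b"""<plist version="1.0"><dict>
<key>Label</key><string>com.example.helper</string>
<key>ProgramArguments</key><array><string>/bin/bash</string><string>-c</string><string>/Users/Shared/.cache/agent</string></array>
<key>RunAtLoad</key><true/><key>KeepAlive</key><true/>
</dict></plist>"""

def job_command(plist: dict) -> list:
    """Return the command line a launchd job runs (ProgramArguments, else Program)."""
    args = plist.get("ProgramArguments") or ([plist["Program"]] if "Program" in plist else [])
    return [str(a) for a in args]

def assess_plist(data: bytes) -> dict:
    """Parse one launchd plist and list the indicators worth a second look."""
    plist = plistlib.loads(data)
    cmd = job_command(plist)
    found = []
    if cmd:
        if os.path.basename(cmd[0]) in INTERPRETERS:
            found.append("interpreter or downloader as the job program")
        if "-c" in cmd[1:] or any(a.startswith("http") for a in cmd[1:]):
            found.append("inline script or URL in the arguments")
        if any(a.startswith(ODD_PREFIXES) or "/." in a for a in cmd):
            found.append("temp, shared or hidden path referenced")
    if plist.get("RunAtLoad") and plist.get("KeepAlive"):
        found.append("starts at load and is kept alive")
    return {"label": plist.get("Label", "<no Label>"), "command": cmd, "indicators": found}

def scan_dirs(dirs=LAUNCHD_DIRS) -> list:
    """Assess every .plist in the given launchd directories (missing ones are skipped)."""
    results = []
    for d in dirs:
        for name in (sorted(os.listdir(d)) if os.path.isdir(d) else []):
            if name.endswith(".plist"):
                path = os.path.join(d, name)
                with open(path, "rb") as f:
                    results.append((path, assess_plist(f.read())))
    return results
```

On a Mac, `scan_dirs()` walks the three directories and returns one assessment per job; `assess_plist(SAMPLE_PLIST)` shows all four indicators firing on the constructed sample, while a job whose Program sits under /Applications and is not kept alive returns an empty indicator list.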
FAQ
Do Macs get malware?
Yes, they do. They are not as targeted as Windows, but they do get malware.

Where can I find Mac malware?
Objective-See has a list of malware that you can download and play with. VX-Underground also has a list. If you are really out there to get some, you can go on VT to grab binaries.

How do I analyze them?
You can "detonate" them in a VM, monitor the state, and reverse the binary. We will show you the basics in a future blog post; meanwhile you can use the following blog posts to get the basics