MacAdmins is the premier East Coast conference for anyone who deploys and manages Macs and iOS devices. We are featuring 69 sessions and seven workshops with top notch speakers in the macOS and iOS deployment community. MacAdmins offers an incredible level of expertise, value, entertainment, and a great opportunity to network with your fellow admins! Visit our website.
Back To Schedule
Wednesday, July 10 • 10:45am - 12:00pm
Breach -> ATT&CK -> Osquery - Learning from breach reports to improve endpoint monitoring

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Large breaches like SingHealth's resulted in detailed public reports.
Using those, we will map portions of the attacks to ATT&CK, then see how to monitor for them using qsquery.
Though most of these public reports address breaches that touched Windows environments, we will translate the Windowsness into "what would that same technique look like on Mac?".

See a full description about this session on our website

avatar for Guillaume Ross

Guillaume Ross

Principal Security Researcher, Uptycs
Guillaume is a security consultant, working for his company, Caffeine Security, responsible for providing Information Security Program development, security architecture, incident response and other services.With a background in IT and Security Architecture, he advises clients on... Read More →

Wednesday July 10, 2019 10:45am - 12:00pm EDT
208 215 Innovation Boulevard, State College, PA 16803