Large breaches like SingHealth's resulted in detailed public reports.
Using those reports, we will map portions of the attacks to ATT&CK, then see how to monitor for them using osquery.
Although most of these public reports address breaches that touched Windows environments, we will translate the Windows-specific details by asking, "what would that same technique look like on a Mac?"
See a full description of this session on our website.