macOS Behavioral Detections using Apple Endpoint Security API


Attendees will learn how to use Apple's Endpoint Security API as an event source to build behavior-based detections. This session will explore the difference between old and new ways of detecting malicious activity on Mac, how to use (often overlooked) process field information, and how to use ES events to determine when more advanced system exploitation is occurring.

Matt Benyo


macOS Threat Researcher, Jamf

Jaron Bradley


Director, Jamf
