EDR Internals for macOS and Linux - Telemetry Sources and Evasion Techniques

Explore the inner workings of Endpoint Detection and Response (EDR) agents for macOS and Linux in this 50-minute conference talk at BSides SATX. Delve into the telemetry sources available to these agents, understanding how they detect malicious behavior and identifying potential evasion opportunities. Compare macOS and Linux telemetry sources to their Windows counterparts, focusing on process creation, authentication, networking, and file activity monitoring. Gain valuable insights for both defenders and attackers, particularly relevant for developers with privileged cloud accounts or access to intellectual property on macOS, and for those managing Linux servers hosting sensitive applications or databases.

2024-06-08, 12:00–, Track 1 UC Conference Rm A