MacOS Endpoint Security Framework - What it can do and how to use it

Recordings

https://www.youtube.com/watch?v=XNFU9296_r0

View Recording

Slides

/files/slides/001_01-7FB9VT-ESF presentation-WithSecure-online.pdf

View Slides

Abstract

Endpoint Security Framework (ESF) is the new(ish) security auditing tool that Apple has introduced to provide the security industry with a one stop shop for all its telemetry needs. Released in MacOS version 10.15 in 2019, the ESF is capable of providing real time telemetry for detection and automated defensive purposes without a Kernel Extension. This talk will provide an explanation as to why this was introduced, how it can be used and some of the real world applications and issues with its use.

Connor Morley

Connor Morley is a senior security researcher at F-Secure. A keen investigator of malicious TTP’s, he enjoys experimenting and dissecting malicious tools to determine functionality and developing detection methodology. As a researcher and part time threat hunter he is experienced with traditional and ‘in the wild’ malicious actors’ behaviour.