
Mw arch mac_tips and tricks v1.0


Securing your Mac and Safe Surfing Tips and Tricks. Malware Archaeology, LOG-MD, MalwareArchaeology.com, LOG-MD.com

Published in: Technology

  1. Securing your MAC and Safe Surfing, Tips and Tricks
     Michael Gough – Founder, MalwareArchaeology.com
     MalwareArchaeology.com
  2. Who am I
     • Blue Team Defender Ninja, Malware Archaeologist, Logoholic
     • I love “properly” configured logs – they tell us Who, What, Where, When and hopefully How
     • Creator of “Windows Logging Cheat Sheet”, “Windows File Auditing Cheat Sheet”, “Windows Registry Auditing Cheat Sheet”, “Windows PowerShell Logging Cheat Sheet”, “Windows Splunk Logging Cheat Sheet”, “Malware Management Framework”
     • Co-Creator of “Log-MD” – Log Malicious Discovery Tool
       – With @Boettcherpwned – Brakeing Down Security Podcast
     • @HackerHurricane, also my blog MalwareArchaeology.com
  3. Stats
  4. MACs don’t get viruses
     • Wrong!
     • MAC use is growing
     • More malware – 815 in 2015
     • AV-Test states 0.06% – Windows is KING
  5. MAC Malware
     • Most are Unwanted Applications – user-installed
  6. MAC Malware
  7. MAC Malware
  8. AV for the Mac
     • Stick with the BIG names
     • Free is NOT better
     • Sophos
  9. Gatekeeper
     • Designed to protect users by only allowing “approved” software
     • Patrick Wardle with Synack found a vulnerability in 2015
     • Apple issued a patch in January 2016
     • Most MAC infections will come from users installing bad or malicious software
  10. RansomWare
     • The first MAC RansomWare was seen in 2016 – KeRanger
     • Fake BitTorrent client
     • User approves and installs
  11. Tools
  12. Little Snitch
     • Firewall / Network Monitor App
     • Watches any communication and alerts you to outbound traffic
     • https://www.obdev.at/products/littlesnitch/index.html
  13. A MUST HAVE website
     • https://objective-see.com/index.html
  14. Logging
  15. Logging
     System log
     • The main system log is found simply by opening the Console application. It is found in the "Utilities" folder inside the computer's "Applications" folder.
     Printing logs
     • The CUPS printing subsystem in Mac OS X 10.2 and later keeps its logs in the following location:
       – /var/log/cups/error_log
     Crash logs
     • When individual applications like Microsoft Word or Apple Mail crash, the operating system will create a crash log. These log files are organized by application and stored in:
       – ~/Library/Logs/
     • The crash logs can be opened in the Console utility, or displayed in the Apple System Profiler program.
     • Crash logs may be useful to technical staff. They can be invaluable to vendors wishing to fix problems in programs, as well.
     Kernel panic log
     • A kernel panic is a very rare event in Mac OS X. In Mac OS X 10.2, you will see the following information on your screen if you have a kernel panic:
  16. Logging
     • You may want additional debug information
     • You have to enable it
     • sudo launchctl log level debug
  17. Logging
     Console – Built-in App – Applications – Utilities – Console
     3rd Party log viewers
     • LogrPro – https://lograpp.wordpress.com/
     • Log File Navigator – http://lnav.org/
  18. Logging
     • LogTail App – can do over SSH – http://www.logtailapp.com/
     • LogMX – CSV – http://www.logmx.com/download
     • LogDiver – http://www.logdiver.com/
  19. Cron files
     • Scheduled jobs
     Cron tabs
     • /etc/crontab
     • /usr/lib/cron/tabs/*
  20. The Web
  21. Safe Browsing
     • Aviator – Secure by design – https://www.whitehatsec.com/terms-conditions/aviator/
     Safari
     • Incognito for Safari – Surf anonymously
     • Web of Trust (WOT) – URL reputation
  22. Safe Browsing
     Plugins for Chrome and FireFox
     • LastPass – Password manager
     • Xmarks – bookmark sync
     • HTTPS Everywhere – Force HTTPS
     • uBlock Origin – Block offsite content
     • Ad Block+ – Block Ads
     • Web of Trust (WOT) – URL reputation
  23. Windoz
  24. You a Windows user?
     • New tool to help you audit the logging settings
     • Helps you enable the proper logging
     • Harvests the logs only if properly set
     • Performs full filesystem hash baseline
     • Performs full registry baseline
     • SRUM data from Win 8.1 and 10
     • AutoRuns report
     • 25+ reports
  25. Resources
     • Websites
       – MalwareArchaeology.com
       – Log-MD.com – The tool
     • The “Windows Logging Cheat Sheet” – MalwareArchaeology.com
     • Malware Analysis Report links too – To start your Malware Management program
  26. Questions?
     • You can find us at:
     • @HackerHurricane
     • Log-MD.com
     • MalwareArchaeology.com
     • HackerHurricane.com (blog)
     • http://www.slideshare.net
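Slide 19 lists the two crontab locations to look at for scheduled jobs. The script below is an added example, not part of the deck or of any Malware Archaeology tool: it reads those crontab files, drops comments, blank lines and variable assignments, and prints the entries whose command runs out of a temporary or user-writable directory. The list of directories it treats as worth a second look is my own heuristic (an assumption, not something the deck states), and the sample crontab in the test is constructed.

```shell
#!/bin/sh
# Added example (not from the deck): inventory the cron jobs in the crontab
# locations slide 19 names and flag commands launched from temporary or
# user-writable directories. The flagged-path list is a heuristic of my own.
#
# Usage: sh cron_audit.sh /etc/crontab /usr/lib/cron/tabs/*

# Print "file<TAB>schedule<TAB>command" for each job line in the crontab FILE,
# skipping blank lines, comments and variable assignments (SHELL=..., PATH=...).
# Everything after the five schedule fields is treated as the command; in
# /etc/crontab that includes the leading user field.
cron_entries() {
  file="$1"
  [ -r "$file" ] || return 0
  grep -Ev '^[[:space:]]*(#|$)' "$file" |
    grep -Ev '^[[:space:]]*[A-Za-z_][A-Za-z0-9_]*=' |
    awk -v f="$file" '{
      sched = $1 " " $2 " " $3 " " $4 " " $5
      cmd = ""
      for (i = 6; i <= NF; i++) cmd = cmd (i > 6 ? " " : "") $i
      printf "%s\t%s\t%s\n", f, sched, cmd
    }'
}

# True (exit 0) when the command references a location that a non-admin
# process can usually write to; such jobs deserve a manual look.
suspicious_cmd() {
  case "$1" in
    */tmp/*|*/var/tmp/*|*/private/tmp/*|*/Users/*/Library/*|*/Users/*/Downloads/*)
      return 0 ;;
  esac
  return 1
}

# Print only the flagged entries from the given crontab files.
flagged_entries() {
  tab=$(printf '\t')
  for f in "$@"; do
    cron_entries "$f"
  done | while IFS="$tab" read -r file sched cmd; do
    if suspicious_cmd "$cmd"; then
      printf '%s\t%s\t%s\n' "$file" "$sched" "$cmd"
    fi
  done
}

# Number of flagged entries, usable as a quick pass/fail signal.
count_flagged() {
  flagged_entries "$@" | wc -l | tr -d ' '
}

# With no arguments only the functions are defined (handy for sourcing).
if [ "$#" -gt 0 ]; then
  flagged_entries "$@"
fi
```

Unreadable or missing files are skipped silently, so the unexpanded glob from slide 19 is harmless on a machine with no per-user tabs; per-user crontabs under /usr/lib/cron/tabs are root-readable only, so run the audit with sudo to see them.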
