Podcast image

Cat Self: macOS and Linux Security | 32

Blueprint • 2022-08-09

Ever wonder why there’s so little information regarding macOS and Linux-oriented attacks? In this episode, we get the answer from the multi-talented Cat Self - an Adversary Emulation Engineer at MITRE, Cyber Threat Intelligence Team Leader on ATT&CK Evaluations and macOS/ Lead on MITRE ATT&CK Enterprise. We discuss defense tools, attacker TTPs, and what to consider when approaching defense for a macOS and Linux environment, and what trends we can expect in the future for these operating systems. Check out the resources below for links mentioned during this enlightening conversation!

About Cat Self

Cat Self is the CTI Lead for MITRE ATT&CK® Evaluations, macOS/Linux Lead for ATT&CK® and serves as a leader of people at MITRE. Cat started her cyber security career at Target and has worked as a developer, internal red team operator, and Threat Hunter. Cat is a former military intelligence veteran and pays it forward through mentorship, technical macOS hunting workshops, and public speaking. Outside of work, she is often planning an epic adventure or climbing mountains in foreign lands.

Follow Cat on Social Media

Twitter: @coolestcatiknow

LinkedIn: Cat Self

Resources Mentioned in this Episode:

A highlight of new security changes in macOS Ventura:


For securing a macOS device, I highly recommend installing Patrick Wardle’s endpoint tools. https://objective-see.org/tool... My favorites are BlockBlock, KnockKnock, Lulu, & Netiquette.

Cat's “GoTo” Blogs:

Patrick Wardle Objective-See

Jaron Bradley The Mitten Mac

Howard Oakley The Eclectic Light Company

Cody Thomas Medium

Sarah Edwards mac4n6

Leo Pitt Medium

Christopher Ross Medium

Csaba Fitzl THEEVILBIT Blog

Open Source Projects:

RepeaOTRF table hunting playbooks Threathunting.net

Playbooks with Datasets to practice OTRF

Code snippets aligned to MITRE ATT&CK Atomic Red Team

Jupyter notebook environment setup by Anna Pastushko

Virtual environment setup Hold My Beer

Sponsor's Note:

Support for the Blueprint podcast comes from the SANS Institute.

If you like the topics covered in this podcast and would like to learn more about blue team fundamentals such as host and network data collection, threat detection, alert triage, incident management, threat intelligence, and more, check out my new course SEC450: Blue Team Fundamentals.

This course is designed to bring attendees the information that every SOC analyst and blue team member needs to know to hit the ground running, including 15 labs that get you hands on with tools for threat intel, SIEM, incident management, automation and much more, this course has everything you need to launch your blue team career.

Check out the details at sansurl.com/450! Hope to see you in class!
Follow SANS Cyber Defense: Twitter | LinkedIn | YouTube
Follow John Hubbard: Twitter | LinkedIn