When Macs Get Hacked - SANS Computer Forensics
Antivirus: XProtect
/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources
  XProtect.meta.plist: Last Update Date & Version
  XProtect.plist: AV Signatures
Weaknesses
  Apple updates it, sometimes.
  Very few signatures on blacklist
  No Heuristics
  Only checks “quarantined” files
oompa@csh.rit.edu | @iamevltwin
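An added triage example, not part of the original slides: it reads the two plists named above to report how stale the XProtect definitions are and which signatures they contain. The key names (`Version`, `LastModification`, `Description`, `Matches`) are assumptions about the legacy XProtect plist layout, the 14-day threshold is arbitrary, and the sample plists are constructed so the code runs offline.

```python
import os
import plistlib
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# Directory named on the slide; only read if it exists on this host.
RESOURCES = "/System/Library/CoreServices/CoreTypes.bundle/Contents/Resources"

# Constructed sample data (not real Apple signature content).
SAMPLE_META = plistlib.dumps({
    "Version": 1000,
    "LastModification": "Thu, 21 Mar 2013 23:39:04 GMT",
})
SAMPLE_SIGS = plistlib.dumps([
    {"Description": "OSX.Example.A", "Matches": [{"MatchType": "Match"}]},
    {"Description": "OSX.Example.B",
     "Matches": [{"MatchType": "Match"}, {"MatchType": "Match"}]},
])

def xprotect_status(meta_bytes, now, max_age_days=14):
    """Return version, last update time and staleness from XProtect.meta.plist."""
    meta = plistlib.loads(meta_bytes)
    updated = parsedate_to_datetime(meta["LastModification"])
    if updated.tzinfo is None:  # treat a zone-less timestamp as UTC
        updated = updated.replace(tzinfo=timezone.utc)
    age = (now - updated).days
    return {"version": meta.get("Version"), "updated": updated,
            "age_days": age, "stale": age > max_age_days}

def xprotect_signatures(sig_bytes):
    """Return (name, number of match rules) for each entry in XProtect.plist."""
    entries = plistlib.loads(sig_bytes)
    return [(e.get("Description", "<unnamed>"), len(e.get("Matches", [])))
            for e in entries]

def load(name, fallback):
    """Read a plist from the live system if present, else use the sample."""
    path = os.path.join(RESOURCES, name)
    if os.path.isfile(path):
        with open(path, "rb") as fh:
            return fh.read()
    return fallback

if __name__ == "__main__":
    status = xprotect_status(load("XProtect.meta.plist", SAMPLE_META),
                             datetime.now(timezone.utc))
    sigs = xprotect_signatures(load("XProtect.plist", SAMPLE_SIGS))
    print(f"XProtect v{status['version']}, {status['age_days']} days old, "
          f"stale={status['stale']}, {len(sigs)} signatures")
    for name, rules in sigs:
        print(f"  {name}: {rules} match rule(s)")
```

A short signature list or an old `LastModification` on an examined image tells you what XProtect could not have caught at the time of compromise.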