To defend macOS, Apple officially introduced Gatekeeper/XProtect in 2012, a mechanism that intercepts, in real time, a user's attempt to open programs that are known to be malicious, unsigned, or unnotarized. But does this defense really make the system impervious to all threats? In recent years, attacks targeting Apple enterprise users have continued to emerge, such as the 3CX supply chain attack, TriangleDB, and the first-ever exposed macOS LockBit, which is enough to show that attackers have long been adept at bypassing Apple's system security mechanisms. This session will delve into the design architecture of this mechanism through reverse engineering, introduce the exploitation techniques observed in recent years, and summarize their attack surface. Through actual attack cases, we will explore the latest attack trends and help the audience understand the security issues of the Apple system.
TOPIC / TRACK
Threat Research Forum
LOCATION
Taipei Nangang Exhibition Center, Hall 2
1F 1A
LEVEL
Intermediate
Intermediate sessions focus on cybersecurity architecture, tools, and practical applications, ideal for professionals with a basic understanding of cybersecurity.
SESSION TYPE
Breakout Session
LANGUAGE
Chinese
SUBTOPIC
Threat Research
Advanced Threat
Endpoint Security