Blueprint: Build the Best in Cyber Defense
Are you a cyber defender looking to keep up on the newest tools, technology, and security concepts? Then BLUEPRINT is the podcast for you! Tune in to hear the latest in cyber defense and security operations from blue team leaders and experts. With a focus on learning, BLUEPRINT includes interviews with today’s top security practitioners defending the world’s most respected brands, and in-depth explanations on the newest technologies, protocols, and defensive tools. BLUEPRINT, is a podcast hosted by John Hubbard and brought to you by the SANS Institute. BLUEPRINT - your one-stop shop for taking your defense skills to the next level!
Blueprint: Build the Best in Cyber Defense
Cat Self: macOS and Linux Security
Click here to send us your ideas and feedback on Blueprint!
Ever wonder why there’s so little information regarding macOS and Linux-oriented attacks? In this episode, we get the answer from the multi-talented Cat Self - an Adversary Emulation Engineer at MITRE, Cyber Threat Intelligence Team Leader on ATT&CK Evaluations and macOS/ Lead on MITRE ATT&CK Enterprise. We discuss defense tools, attacker TTPs, and what to consider when approaching defense for a macOS and Linux environment, and what trends we can expect in the future for these operating systems. Check out the resources below for links mentioned during this enlightening conversation!
Our Guest: Cat Self
Cat Self is the CTI Lead for MITRE ATT&CK® Evaluations, macOS/Linux Lead for ATT&CK® and serves as a leader of people at MITRE. Cat started her cyber security career at Target and has worked as a developer, internal red team operator, and Threat Hunter. Cat is a former military intelligence veteran and pays it forward through mentorship, technical macOS hunting workshops, and public speaking. Outside of work, she is often planning an epic adventure or climbing mountains in foreign lands.
Follow Cat on Social Media
Twitter: @coolestcatiknow
LinkedIn: Cat Self
Resources mentioned in this episode:
A highlight of new security changes in macOS Ventura:
https://www.sentinelone.com/blog/apples-macos-ventura-7-new-security-changes-to-be-aware-of/
For securing a macOS device, I highly recommend installing Patrick Wardle’s endpoint tools. https://objective-see.org/tools.html My favorites are BlockBlock, KnockKnock, Lulu, & Netiquette.
Cat's “GoTo” blogs
Patrick Wardle Objective-See
Jaron Bradley The Mitten Mac
Howard Oakley The Eclectic Light Company
Cody Thomas Medium
Sarah Edwards mac4n6
Leo Pitt Medium
Christopher Ross Medium
Csaba Fitzl THEEVILBIT Blog
Open Source Projects
Playbooks with Datasets to practice OTRF
Code snippets aligned to MITRE ATT&CK Atomic Red Team
Jupyter notebook environment setup by
Learn more about SANS' SOC courses at sans.org/soc
Connect with John:
- LinkedIn
- Take A Training Course with John
SOC Analyst and Leadership Training Courses:
- SEC450: Blue Team Fundamentals - Security Operations and Analysis
- LDR551: Building and Leading Security Operations Centers
SANS:
- Cyber Defense Course List
- Upcoming Training Events
- Free tools, VMs, cheat sheets and more for cyber defenders
