
Red Canary Mac Monitor: A new, free tool for gathering macOS telemetry

The free-to-use software is intended to help researchers monitor and analyze macOS system events, much like ProcMon for Windows systems.

On-Demand

45 mins

Virtual

Visibility is hard to come by on macOS systems. While there’s a wealth of readily available tools that security teams and researchers can use to gather telemetry from Windows systems, there’s a dearth of such tools available for macOS. Organizations seeking better optics from their Apple devices have either had to combine many very specialized tools or pay for a macOS-focused EDR sensor. The resultant lack of visibility into macOS has an obvious consequence: there is a deep knowledge gap about macOS threats and corresponding detection and response strategies.

In this webinar, we’ll show you how we use the Red Canary Mac Monitor tool to dig deep into macOS systems and improve our detection and response capabilities—and how it helped us discover an exploitable Gatekeeper bypass vulnerability in macOS. Attendees will leave this webinar with:

  • A better understanding of visibility limitations and possibilities in macOS
  • Strategies for leveraging visibility to expand macOS detection coverage
  • Additional knowledge about macOS’s Gatekeeper security feature, what it protects against, and how adversaries abuse it
  • Everything you need to know to download and install Red Canary Mac Monitor, a free tool for collecting telemetry from macOS systems
 
Brandon Dalton
Senior Threat Researcher
Brandon has worked across government, academia, and the private industry on high-stakes research and software engineering projects. These experiences have propelled him onto Red Canary’s Threat Research team, where he works closely with industry partners to improve EDR telemetry resolution for macOS detections. Additionally, Brandon also leads several internal R&D projects to aid in these objectives, predominantly in Swift and Python.
 
Matt Graeber
Director, Threat Research
Matt has worked the majority of his security career in offense, facilitating his application of an attacker’s mindset to detection engineering. By pointing out gaps in detection coverage, Matt is able to effectively offer actionable detection improvement guidance. Matt loves to apply his reverse engineering skills to understand attack techniques at a deeper level in order to understand the workflow attackers use to evade security controls.
 
Cori Smith
Threat Hunter
Cori has experience across multiple disciplines including incident response, security architecture and automation, and compliance. In her current role, she collaborates with Red Canary’s technical teams to provide concise and detailed explanations of security topics and emerging threats and also acts as a security advisor to customers. When not threat hunting or handling incidents, Cori also enjoys being involved in open source or free projects to enable and equip others in the cyber community.