Analysis of Apple Unified Logs: Quarantine Edition [Entry 5] – Login Inception!? Yes! – Local Logins!

Local logins are created when an already logged in user opens a Terminal window. Each terminal window is a separate ‘login’ process. If you have six Terminal windows (or tabs) open, you have six ‘login’ processes.


Analysis of Apple Unified Logs: Quarantine Edition [Entry 3] – Playing in the Sandbox, Enumerating Files and Directories

While I’ve been researching various queries with these unified logs, I’ve noticed some peculiar but forensically useful entries. I have found many of these entries to be created when I’m browsing directories via Finder. However, they don’t appear to be…

Analysis of Apple Unified Log: Quarantine Edition [Entry 1] – Converting Log Archive Files on 10.15 (Catalina)

Apple introduced Unified Logging many years ago in 10.12 and has constantly been changing it since its introduction. My main problem is usually using the ‘log’ utility. It has changed over time, and those changes are not documented, nor is the current doc…

Introducing ‘Analysis of Apple Unified Logs: Quarantine Edition’ [Entry 0]

I’ve decided to spend some time revisiting analysis of Unified Logs as a blog series during this quarantine. It is the perfect topic to make bite-sized, and I can make it as long or as short as Coronavirus deems it so. I’m planning on doing smaller blogs a…

SOC Intel: Wire, Logs, & Endpoint – Enterprise Security Weekly #133

Matt Cauthorn is the VP of Cyber Security Engineering at ExtraHop. Matt Cauthorn leads a team of technical security engineers who work directly with customers and prospects. Matt uses his expertise with ExtraHop to explain The Three Horsemen of SOC…

Slides and Script! From Apple Seeds to Apple Pie & Introducing APOLLO: The Apple Pattern of Life Lazy Output’er

I had the privilege and honor to present at the first ever Objective by the Sea Mac Security Conference yesterday in Maui (hardship, right?). It was only the first day and it was absolutely spectacular, I may have to make this one a regular! I can easi…