4 posts
If you have a Mac (especially Apple Silicon), running macOS VMs is surprisingly easy. Apple actually supports macOS virtualization natively now via the Virtualization.framework. This post covers three options — pick the one that fits your workflow.
MacOS detection engineering is the neglected middle child of the security world. While Windows gets all the love with tools like Sysmon, comprehensive event logging, and mature detection frameworks, macOS defenders are often left cobbling together solutions from scattered documentation and tribal knowledge.This series walks through building a proper macOS detection lab — from spinning up macOS VMs to shipping logs to Splunk for detection development. By the end, you'll have a repeatable environment for building, testing, and validating macOS detections.
How to detect exploitation of CVE-2024-32002, a remote code execution vulnerability in Git that allows malicious repositories to execute code just by cloning.
A curated reading list on detection engineering best practices, tooling, and methodologies for building scalable security content.