Jonathan Bar Or (“JBO”) is a Principal Security Researcher at Microsoft, working as the Microsoft Defender research architect for cross-platform. Jonathan has rich experience in vulnerability research, exploitation, cryptanalysis, and offensive security in general.
macOS has unique security features that challenge malware authors and attackers alike. Technologies such as TCC, the App Sandbox, SIP and Gatekeeper mitigate common techniques used across the kill chain. As macOS grows in popularity, attackers and malware families quickly adapt to perform malicious operations on endpoints, ranging from simple adware to full-fledged RATs. In this talk, we present an end-to-end attack simulation done internally by the Microsoft Defender for Endpoint (MDE) research team, show how we found vulnerabilities that bypass those security features, and describe how we help Apple secure macOS against similar attacks. We will cover bypasses of the Apple sandbox, Gatekeeper, TCC and SIP to show how an attacker could gain access to a system. For each technique, we describe the mitigation (implemented by Apple), the detection in Microsoft Defender for Endpoint, and our variant analysis. We will also describe working with Apple and the general vulnerability disclosure process we follow as part of the Microsoft Coordinated Vulnerability Disclosure (CVD) program.