Automating macOS Incident Response: DFIR-as-Code in Action Against AppleProcessHub
ID: d7169931-ef38-5a4c-9a5e-8e2bb3184cca
STIX ID: report--d7169931-ef38-5a4c-9a5e-8e2bb3184cca
Feed Name: Abstract Security Blog
This report examines the AppleProcessHub macOS infostealer and demonstrates applying DFIR-as-Code to automate forensic collection, detection, and response—showing example YARA rules, Plaso keychain parsing, and launchd persistence detection to quickly identify and remediate credential theft and related artifacts.
