Agenda
- Introduction
  Why macOS is no longer a low-visibility platform for attackers.
- 25-minute Analyst Walkthrough:
  A real macOS malware incident investigated by the SOC, taken from the H2 2025 Threat Findings Report, showing how the threat entered, executed, and was contained:
  - Trojanised software and user-led execution.
  - Abuse of trusted platforms and native macOS features.
  - Where detection occurred and where human analysis was required.
- Detection & Response in Practice
- Lessons Learned: What to Apply to Your Environment
What you'll learn
- How modern macOS threats rely on tradecraft and user trust rather than software exploits.
- The common entry points attackers use on macOS today.
- What macOS malware looks like from a SOC analyst's perspective.
- Where endpoint tools detect activity and where context matters.
- How real-world macOS incidents are contained before business impact.
- Where user awareness makes the difference.
- Practical actions to reduce macOS risk across your environment.
Presenter
Robert Sterio
SOC Analyst
Robert is a Cyber Security Analyst at Redsquid, specialising in the investigation and analysis of real‑world cyber threats. Working within our Security Operations Centre, Robert focuses on identifying malicious behaviour, analysing attacker techniques, and translating complex security findings into actionable insight for security teams. His work contributes directly to Redsquid’s threat research and customer protection, with a particular focus on early‑stage detection and behaviour-based threat analysis.