Using Osquery to Detect Reverse Shells on MacOS

A deeper look into the significance of TTYs for detection

Chris Long


Reverse Shell Detection

One challenge when it comes to building defenses for MacOS is the number of scripting languages that come pre-installed with the operating system. While this is convenient for developers, it gives attackers a variety of ways to establish persistence and bootstrap connections to command and control servers. Once attackers gain a foothold on a system, they frequently want interactive shell access, and a common way to get it is to launch a reverse shell. The benefits of this are well documented here.