Using Osquery to Detect Reverse Shells on MacOS

A deeper look into the significance of TTYs for detection

Chris Long


One challenge in building defenses for MacOS is the number of scripting languages that come pre-installed with the operating system. Convenient as they are for developers, they give attackers a variety of ready-made ways to establish persistence and to bootstrap connections to command and control servers without having to bring their own tooling.