Using Osquery to Detect Reverse Shells on MacOS
A deeper look into the significance of TTYs for detection
One challenge in building defenses for MacOS is the number of scripting languages that come pre-installed with the operating system (Python, Perl, Ruby, and several shells, among others). While convenient for developers, they give attackers a variety of interpreters for establishing persistence and bootstrapping connections to command and control servers, since no payload needs to be dropped on disk before a reverse shell can be spawned.