"Objective For the We" v1.0
An Initiative by the Objective-See Foundation
The Objective-See Foundation is pleased to present the first edition of "Objective for the We": a multi-day event aimed at empowering those interested in cybersecurity, while also working to enhance diversity in this field.
To be considered for participation in our event, you must complete a short form:
This application will help us understand your background, interests, and motivations for attending.
Selected candidates will receive notification via email, and will gain full access to both the trainings and talks of the event.
Before applying to attend, please review the following details to make sure they align with your availability. Also, as the content of the trainings and talks centers on cybersecurity topics, priority will be given to those studying or working in security and/or technology-related fields.
Event Date & Location:
- May 9th: trainings
- May 10th: talks & presentations
- Location: San Francisco, CA
(Address will be provided to attendees).
Event overview:
- Day #1: Trainings
May 9th, 9:00 am - 5:00 pm
- "An Intro to Mac Malware Analysis" (Patrick Wardle)
As macOS grows in popularity, so does the prevalence of malware targeting this platform. Ever wanted to learn exactly how to tear apart these malicious creations in order to reveal their inner workings? Here's your chance! In this content-packed one-day course, Mac security expert Patrick Wardle will teach the tools and techniques needed to comprehensively analyze and understand malware targeting Apple's desktop OS.
Note: To participate, at a minimum you'll need a Mac with a virtualized instance of macOS installed on it.
- "Threat Hunting macOS" (Jaron Bradley)
Whether you're new to threat hunting or an experienced threat hunter, this course will bring a hands-on experience to those looking to deep dive into using macOS internals to their advantage for threat hunting. Learn how to use the less commonly used artifacts to hunt down malicious activity in your environment. This course uses simulated attack data collected with the Apple Endpoint Security API and teaches attendees how to connect the dots to tell a story of an attack. We will also dive deep into understanding the different functions of the operating system to better identify what abnormal activity looks like.
Topics are discussed in presentation form and then applied via hands-on labs. Among the different topics explored are...
- Exploring the process tree and understanding process creation
- Understanding the complications of XPC
- Tracing the steps of real malware samples and determining the scope of the attack
- Hunting using the lesser explored pid values
- Hunting using macOS and Unix specific technologies
- "Introduction to Arm64" (Chris Lopez)
This training will start with an overview of reverse engineering, before diving into the following sections.
ARM Architecture:
This section goes into some of the history of ARM and the different versions that have been adopted.
ARM64 Assembly Language Fundamentals:
Here we dive into the assembly syntax itself and focus on instructions commonly observed while reverse engineering. The goal is to be exposed to how the language is written.
Getting Started with Examples:
With the fundamentals covered, we will now write arm64 code. :) We will go over a few different examples written in arm64 compiled for Apple Silicon.
Introduction to ARM64 Analysis Tools:
This section will showcase tools that we can use to aid in the analysis of arm64 assembly. This includes command line tools and a disassembler.
Reverse Engineering Examples and Techniques:
With the tools covered in the previous section, we will focus on the process of reverse engineering and gaining an understanding of what capabilities a compiled binary has.
Suggested Prerequisites:
An interest in reverse engineering.
An interest in how things work.
Programming experience can be helpful for certain topics.
Required Setup:
MacBook (with Apple Silicon)
Xcode (with cmdline/developer tools)
Disassembler (IDA, Hopper, Ghidra, etc.)
- Day #2: Talks
May 10th, 9:00 am - 5:00 pm
- "Your Mac's Immune System: Resilience through Endpoint Security" (Brandon Dalton)
Apple's Endpoint Security APIs provide a foundational way to represent core user and system behaviors delivered in real time as "events". Most actions you take on your Mac, like launching Safari, unzipping an archive, or even sending an iMessage to a friend, can be represented using a combination of these events. Similarly, by chaining these events together we can engineer "detectors" that identify signs of malicious activity. Throughout the presentation, we'll dive deep into the mechanics of Endpoint Security and explore how they can empower you to craft robust defenses against sophisticated threats. By the end of this talk, you'll have a solid grasp of Endpoint Security, the importance of behavioral detection, and a practical example showcasing how these detectors can effectively combat advanced threats.
- "Leveraging macOS's Networking Frameworks to Heuristically Detect Malware" (Patrick Wardle)
Detecting unauthorized network access is a potent heuristic for uncovering sophisticated malware. While extensively explored on Windows, network-level detection approaches and tools on macOS remain relatively uncharted. This session will address this gap by delving into open-source methods for building both basic network state enumerators and advanced network monitors. Malware won't stand a chance!
- "The Art of Cryptojacking" (Jaron Bradley)
Cryptojacking is a technique that attackers use to generate crypto-currency on a victim system and send it to an attacker-controlled wallet. All platforms are susceptible to this type of attack and macOS is no exception. In this talk, we will walk through the detection and analysis of a piece of malware that disguised itself as legitimate software in order to secretly infect macOS systems using dark web routing in order to anonymously mine crypto for financial gain of the attacker. We will demonstrate the methodologies used by both defender and attacker and tell the in-depth story of the malware's expansion.
- Talk #4 (Eva Galperin)
- ...and more!
- Closure: Happy Hour
May 10th, 5:30 pm - 7:30 pm
The event will conclude with a happy hour for all attendees, providing an opportunity to connect with others.
Note that lunch and light snacks and drinks will be provided each day of the event.
Application Guidelines:
- Due to space and other logistics, you must apply and be accepted to attend.
- There is no cost to attend the event if you are selected. However, please note that attendees are responsible for covering their own lodging and transportation expenses.
Prerequisites:
In order to be considered, you must:
- Either be a student currently enrolled in a college/university pursuing a technology-related degree, or be pursuing or working in a technology-related field.
- Be able to cover your transportation (and any lodging expenses) to attend the event.
If you fulfill these prerequisites, please apply via the relevant form:
ℹ️ Deadline to apply:
April 30th, 2024
Selected attendees will be notified via email (provided during the application).
Contact Information:
If you have any questions you can email us at: contact@objective-see.com
We extend our gratitude to our platinum supporter, Kandji, for partnering with us for this event.
We are always looking for new projects, ideas, non-profits, or any other initiatives aligned with the Objective-We program that we can support and collaborate on together.
Want to suggest something that Objective-We can support? You can! ...just fill out the following form:
Submit your idea
Interested in joining us on our mission to create a more equitable and accessible future for everyone in the security space? Whether you are a student, researcher, or professional, we welcome you to be a part of the Objective-We community and help us shape the future of technology.
Join us by filling out the following form:
Join the Objective-We program
If you're a company looking to support our community-focused efforts, you can partner with us via our "Friends of Objective-See" program.
You can also make a one-time (tax deductible) donation.
Just select one of the following amounts:
And good news: as Objective-See is a tax-exempt 501(c)(3) organization, your support is tax-deductible within the guidelines of U.S. law.