GRAYHAT has ended
Friday, October 30 • 10:00am - 11:00am
Breaking, Entering, and Staying ...adventures in hacking macOS

Title: "Breaking, Entering, and Staying ...adventures in hacking macOS"
Abstract: While there are many ways to exploit Macs, malicious documents targeting Apple users are growing in popularity.
After analyzing in-the-wild attacks (leveraging such documents), we'll discuss a document-based exploit chain able to escape the sandbox and persistently infect macOS! Hooray, we can exploit macOS systems! What's next? ...perhaps the first true virus targeting macOS; OSX.EvilQuest. Starting with discussions on the malware's infection vector, persistence mechanism, and anti-analysis logic, we'll then dive into its (surprising) viral capabilities, file exfiltration, remote tasking, and ransomware logic.
To end the talk, we'll shift to the defense and discuss recent Apple frameworks that can be leveraged for signature and behavioral-based detection of both exploits and malware. The goal: generic protection against current and future attacks, to ensure our Macs remain secure!

Speakers
Patrick Wardle

Principal Security Researcher, Jamf
Patrick Wardle is a Principal Security Researcher at Jamf and founder of Objective-See. Having worked at NASA and the NSA, as well as presented at countless security conferences, he is intimately familiar with aliens, spies, and talking nerdy. Patrick is passionate about all things...


Friday October 30, 2020 10:00am - 11:00am CDT
Special Guest
  Level1, Special Guest