Arek Dreyer (Kandji)
Speaker Bio: Arek Dreyer is a Senior Product Engineer at Kandji. Before joining Kandji, Arek delivered courses and provided training, both in the classroom and at conferences around the world. Dreyer was the co-author of “macOS Support Essentials 11 – Apple Pro Training Series: Supporting and Troubleshooting Big Sur.” Dreyer has been the co-author for that title since macOS 10.13. Dreyer was also the co-author for several other books, including “Apple Pro Training Series: OS X Server 5.0 Essentials,” “Apple Pro Training Series: Using and Supporting OS X Server on El Capitan,” “Managing Apple Devices: Deploying and Maintaining iOS 9 and OS X El Capitan Devices,” and “Mac OS X Directory Services.”
MacDevOpsYVR 2022 speakers
Note: The speakers and talks are subject to change
Threat Models are like Opinions
Are you in a regulated industry? This talk isn’t REALLY for you because you probably don’t have any choice in the matter. For the rest of us in the weird ambiguous state of NOT having caused Enron-scale legislation yet, let’s talk about the Centers for Internet Security standard (version 7, because who’s actually using 8 yet), with references to AWS (keep it devops) and workstations (outnumbered by moving targets, fighting a losing battle).
Speaker Bio: Allister speaks about himself in the third person and knows considerably more Japanese since having moved there in 2017.
Arjen van Bochoven
Something about MunkiReport
MunkiReport is still alive – how is that possible?
Speaker Bio: Some person from Amsterdam making a living managing Macs
Armin Briegel (Scripting OS X)
The Encyclopedia of macOS Automation tools
There are several different options that admins, devops and developers can use to automate workflows on macOS. With the rise of Swift, the switch to zsh as the default shell and the demise of built-in python and other run-times, the landscape is shifting significantly. I will give an overview of the changes and the current options and recommendations on which tool to use when.
Speaker Bio: Armin Briegel has been managing Macs and their users for nearly 30 years and probably held most existing technical job titles at one time or another. He worked for nearly ten years at Apple in Germany and in the US as a Systems Engineer and Consulting Engineer. Then, he put theory into practice as a System Administrator at University of California. He currently works for Jamf as a Consulting Engineer. He also writes on his weblog, scriptingosx.com and has published five books for Apple Administrators.
Ryan Diers (Airbnb)
(Open Source MDM in a (Sand)Box – with Brandon Kurtz)
As a security engineer at Airbnb, Ryan has had the opportunity to work on interesting projects like binary authorization/restrictions at scale via Santa and their open source project called Rudolph.
Ryan wears many other hats, including infrastructure engineer and SRE, as well as fighting fires for tools/products owned by Airbnb’s Enterprise Security teams.
Ryan’s guiding principle for all projects is to build secure infrastructure at scale. Being a generalist is the name of the game.
As it turns out, building infrastructure for open-source MDM requires a lot of these generalist security and infrastructure skills. So Ryan was happy to lend a hand to help make Open Source MDM in a (Sand)Box a reality.
Csaba Fitzl (Offensive Security)
10 macOS persistence techniques
I was always amazed by [@Hexacorn](https://twitter.com/Hexacorn)’s [Beyond good ol’ Run key](https://www.hexacorn.com/blog/category/autostart-persistence/) blog post series, which collects various [persistence](https://attack.mitre.org/tactics/TA0003/) methods on Windows. It’s an awesome series, which has 134 parts right now. In the past years, as my interest in macOS grew, and now that I’m mostly doing only macOS-related research, I started to come across many, many tricks which allow someone to do persistence on macOS beyond just the `LaunchDaemons` or `LaunchAgents` directories, which are used to store the launchd startup files. So I started to write a blog post series called “Beyond the good ol’ LaunchAgents”.
Patrick Wardle showed in 2014 how malware usually persists on macOS in his VirusBulletin talk. Things haven’t changed that much in present days. What we will see during this talk is that there is a plethora of options not yet utilised by malware, what we should prepare for as blue teamers, or how we can extend our toolkit as red teamers.
In this talk I will present my favourite 10 persistence methods I learned about or found myself in the past year. I will show some very unique, less known ideas, or some which are well known by sysadmins, but less used by the security community, red teams or malware. I will also share detection ideas for every technique, which are usually not covered in my blog posts.
Speaker Bio: Csaba Fitzl graduated in 2006 as a computer engineer. He worked for 6 years as a network engineer, troubleshooting and designing big networks. After that, he worked for 8 years as a blue and red teamer focusing on network forensics, malware analysis, adversary simulation, and defense bypasses. Currently, he is working as a content developer at Offensive Security. He gave talks/workshops at various international IT security conferences, including Hacktivity, hack.lu, Troopers, SecurityFest, DEFCON, BlackHat and Objective By The Sea. Csaba spends his free time with his family, and runs or hikes in the mountains.
Thomas Hansen (University of Oslo)
Improving user experience with client certificates
As a system administrator you have to provide excellent service to your users and at the same time make sure security and privacy is handled properly.
Leveraging existing infrastructure (Active Directory) and an MDM (Workspace One) solution you can provide clients your organisation trusts with client certificates which give them access to services that would otherwise be denied.
Enabling easier access from home (VPN) and also in a hybrid office environment to make better use of offices by using certificates for 802.1x authentication on ethernet for trusted devices.
Providing better services to trusted devices provided that they are compliant/patched makes everyone’s jobs easier and certificates are quite straightforward to the end-user.
In many ways easier to use and debug (once properly configured) than username and password.
Speaker Bio: Senior Engineer at the Department of Informatics at the University of Oslo (Norway). Worked as a system administrator with UNIX and Linux, and Macs since Jaguar.
Brandon Kurtz (Airbnb)
Open Source MDM in a (Sand)Box
Prior to joining Airbnb I learned that they ran an open-source mdm stack with MicroMDM and MDM Director and realized that gaining some knowledge about the mdm protocol would be prudent.
“But how?” I thought to myself. Even if I could start a trial with a commercial mdm vendor as an individual, doing so wouldn’t help me get after the knowledge I wanted. So the obvious thing to do was to spin up Micro and MDMDirector in my home lab!
I also wanted to stand it up with infrastructure-as-code so that it was easy to teardown and reproduce so that other folks in the community could experiment with open-source mdm too!
Inspired by my previous project to automate the creation of a Chef Server (https://github.com/discentem/terraform-chef-server) and https://github.com/tbridge/munki-in-a-box I present mdm-in-a-box! The goal is to make experimenting with open source mdm just a little bit easier.
Speaker Bio: Brandon Kurtz has been a Client (Platform) Engineer at Airbnb since September 2020. They have contributed code to MDMDirector and are sometimes on-call for both Micromdm and MDMDirector for Airbnb’s entire macOS Fleet.
Alex Narvey (Precursor)
PHP for Monty
Python 2 is not the only thing that Apple leaves out of macOS Monterey! PHP is also no longer supplied. But I have run my Munki/MunkiReport and FileMaker Server off of Macs for years and had no wish to stop that now. So here is how I build and sign PHP (for both Intel and Apple Silicon) to be able to use it with MunkiReport and FileMaker Server on macOS Monterey.
Speaker Bio: Alex started Precursor Systems in 1994 to provide Annual Support Plans for businesses focused on Apple technology and now works with over 30 clients across six Canadian Provinces. Alex has presented at ACES, MacTech Conference L.A., MacAD.uk and MacDevOps YVR.
John Peterson (Gemini)
Running AutoPkg in Concourse CI
The community has done great work building the foundation for running AutoPkg via various CI/CD services. This talk will cover another option – running AutoPkg in Concourse CI.
Speaker Bio: John Peterson is a Manager of Infrastructure Engineers who are far smarter than he is. He spends his time trying to automate himself out of a job and learning new tech that hopefully makes sense one day. In the meantime, he spends his free time with his wife, daughter, and ever-growing number of animals and plants.
Thomas Reed (Malwarebytes)
Stalking Detection in Apple’s Ecosystem
Although Apple tries to focus on ensuring the privacy of its users, the reality is that Mac and iOS users can be subjected to surveillance – anything from garden-variety stalking to nation-state spying. Attackers may be interested in location data, SMS and other messages (running the gamut from e-mail to end-to-end encrypted messages), photos, documents, and more.
In the real world, stalking is the most common use case for surveillance. Stalking can include things like monitoring the activities of a love interest, following a potential victim, a jilted ex seeking revenge, intimate partner abuse, and more. Another use for this kind of spying is more aimed at businesses, such as an ex-employee monitoring operations at the company that fired them, or a competitor engaging in some form of espionage. Nation-state attacks also happen, but are far less common and can be harder to defend against.
In this talk, we’ll look at ways that attackers can spy on you via your Apple devices, with the intent of exposing mitigations that can help to prevent surveillance, or to end surveillance that is already in progress.
Speaker Bio: Thomas had a Mac before it was cool to have Macs. He is a self-trained Apple security expert. In his spare time, he is also an amateur photographer.
Bart Reardon (CSIRO)
swiftDialog – Adventures in writing an admin utility in SwiftUI
swiftDialog is an open source admin utility app for macOS 11+ written in SwiftUI that displays a popup dialog, displaying the content to your users that you want to display.
swiftDialog’s purpose is as a tool for Mac Admins to show informative messages via scripts, and relay back the user’s actions.
This talk will go into how this app came to be, why I chose SwiftUI and the adventures thereafter.
Speaker Bio: Bart has worked for the CSIRO in Australia for 20 years and is based in Canberra.
Bart currently works for CSIRO’s desktop infrastructure team and leads development for the Mac and Linux Desktop SOEs and manages 1000-odd macOS workstations using JAMF, Munki and other open source tools.
He has contributed to Munki, macOSLAPS and Nudge open source projects.
Joel Rennich (JumpCloud)
SAML, OAuth and OpenID Connect
In this session we will cover the differences between SAML, OAuth and OpenID Connect including when they are most appropriate to use, what open source projects you can leverage to get started and how you can build these protocols into your devops process.
We will do some show and tell using the protocols from client scenarios plus even release some tools that could help you with testing and deploying better authentication in your environment.
Plus we will see how many corny authentication jokes we can fit into one session!
Oh… we may also talk about how Swift is better than Python. Although Apple has mostly taken the fun out of that.
Speaker Bio: Joel Rennich released the popular open source application NoMAD in 2016 to make Mac admins’ lives easier. Before that he spent over a decade working at Apple as an Enterprise Systems Engineering Manager. Prior to Apple, Joel was frequently seen speaking at Macworld, WWDC, and other international conferences and gatherings of Apple-minded admins as the founder of AFP548.com.
Sharvil Shah (FleetDM)
Open source visibility on macOS with osquery and EndpointSecurity framework
Do you know what those processes running on your macs do behind your back? Can you identify potentially harmful processes across your macOS fleet? Are you curious about how things work under the hood? Is your macOS fleet compliant with your organizational policies?
We will take a peek behind the curtain with osquery and EndpointSecurity framework (Apple’s new APIs for monitoring system events) to answer some of these questions.
Speaker Bio: Sharvil is a Software Engineer working on osquery at FleetDM. He has been an active contributor to osquery since its early days in 2015 providing much of the early macOS implementation. When he is not tinkering on system internals, he enjoys trail running and being in the outdoors.
James Smith (ANZ)
Visual Studio Code for Mac Admins
Talk Description: I will refine this into a blurb for the site if picked but the main idea behind this talk is some common ways to set up VS Code for Mac Admins. Working through Extensions, which ones are useful, and how to easily install them. How you can sync your setup between multiple devices easily (maybe even covering the remote development experience).
Will also look to cover VS Code Workspaces and how they can be used to recommend extensions within Git repos when you are working on projects together.
Speaker Bio: James leaves things like the Speaker Bio to the last minute
Henry Stamerjohann (Zentral Pro Services GmbH)
Runtime and tools – version management on macOS
Python, Poetry, Node.js, Terraform, Ansible – keep it simple stupid – to that end, it would be nice if the process of installing and maintaining the runtimes and tools needed for today’s tasks could be organized in a simplified way. This talk will present some lean workflows for version management.
Speaker Bio: Henry Stamerjohann is based in Germany and is a returning speaker to MDO:YVR. He is co-creator of Zentral, an open-source event hub that can control Santa and Osquery. He runs a consulting firm with a small team that helps organizations run Zentral on a large scale. They also provide additional expertise in solving Apple Platform Management problems.
Rich Trouton (SAP)
Leveling Up – Managing admin rights in the enterprise
Talk Description: A fundamental and controversial issue for enterprise Mac admins is the management of admin rights for their user community. Some say granting admin is fine, others think it’s a bad idea and yet others have regulatory requirements which govern what can be done.
Like other enterprise environments, SAP has had to deal with the issue of admin rights for their users and developed a tool called Privileges to manage them. Join me for a discussion of the pros and cons of admin rights in general and how SAP arrived at developing and using Privileges for their solution to the issue.
Speaker Bio: Rich Trouton has been doing Macintosh system and server administration for over twenty years and has supported Macs in a number of different environments, including university, government, medical research, advertising and enterprise software development. His current position is at SAP, where he works with the rest of the Apple@SAP team to support SAP’s Apple community.
Rich has also written for Peachpit, Apress and MacTech Magazine on various ways to manage Apple devices. His most recent book with co-author Charles Edge is “Apple Device Management: A Unified Theory of Managing Macs, iPads, iPhones, and AppleTVs”.
Prima Virani (Twilio Segment)
Endpoint Monitoring and visibility is an essential building block for the success of any Detection & Response team. At Segment our tools of choice for Endpoint monitoring are OSquery paired with FleetDM for orchestration. FleetDM is the most commonly used open source OSquery manager across Security and Compliance teams in the world. It enables programmable live queries, streaming logs, and real-time visibility of 100,000+ servers, containers, and laptops.
There are many ways of hosting FleetDM in your environment. At Segment, we decided to host it entirely as code on an EKS cluster, which is a new Amazon Web Services offering that makes it easy to run Kubernetes at scale. In this session we will talk about how we hosted FleetDM on an EKS cluster along with sending scheduled query logs to an AWS OpenSearch destination entirely created and managed as code.
Speaker Bio: Prima is a seasoned Security professional who has worked in a variety of industries such as Consumer Tech, Oil & Gas, Media, and Fin-tech. She is a Staff Security Engineer on the Detection & Response Engineering team at Twilio Segment where she enjoys creating automation tooling for Incident Response and occasionally dabbles in Security DevOps. She loves sharing her experiences with the industry and has spoken at many meetups and conferences globally including, but not limited to, SecTOR Canada 2021, Agile India 2020, MacDevOps:YVR 2019, and Grace Hopper Conference 2017.
Derek Wang (Airbnb)
Binary Allowlisting on macOS feat. Santa & Rudolph
In this talk I wish to go over how we implemented Binary Authorization on macOS at Airbnb, using primarily open source technologies, serverless AWS, and with a focus on accessibility and user happiness.
Speaker Bio: I’m a jack-of-all-trades who has dabbled in a little bit of everything in web tech. In past lives, I’ve worked on payment systems, as a React developer, and even on building a company. My recent stint takes me to Airbnb, where I’ve worked on CSIRT-y things, with an emphasis on corporate infrastructure hardening.
I’m passionate about AWS technology, design patterns, and gluing together open source projects in creative ways.
Josh Wisenbaker (Jamf)
Make Mac minis Multiply
In a world filled with virtual machines, the ones dedicated to build infrastructure have particular needs.
They need to cover a wide array of configurations.
They need to be immutable and consistent.
They need to be fast to spin up.
In the world of Apple platform development this is sometimes tough to provide, but there is hope!
Join us for a whirlwind tour of Veertu’s Anka Cloud and learn best practices so that you too can create multitudes of minion Mac minis.
Speaker Bio: Josh Wisenbaker is a Principal Software Engineer at Jamf.
He has a long history in the MacSysAdmin community and has journeyed from AFP548.com to Jamf with many stops along the way.
He lives in Winston-Salem, NC with his family. You can find him at the bottom of an ancient trap-laden tomb or at “macshome” on your least hated social networks.