Stuart Ashenbrenner (Huntress)
(dm)XProtect: Stop, Drop, Shut malware down before it opens up shop
XProtect and XProtectRemediator (and MRT) are a couple of the primary security mechanism on macOS, aimed at blocking and remediating malware and threats. In this talk, we’ll look under the hood of these tools. We will dive into exactly how they operate at a low-level and how they interact with macOS. Furthermore, we’ll discuss how admins can leverage the information they provide, as well as if they’re enough of a AV solution within your security stack.
Bio: Stuart Ashenbrenner works at Huntress as a Staff macOS Researcher, focusing on macOS security and development. He has spoken at various conferences about macOS security, including Objective by the Sea. He is co-author and core developer on the open source, macOS incident response tool called Aftermath. He has perviously worked as a macOS detections engineer and a software engineer.
John Yang (ramp)
Passkey Deployment, for Today!
Passkeys represent the latest tool in the journey to a true Passwordless Experience for users, without sacrificing security, and giving the most flexibility with roaming authenticators.
Learn about some practical considerations for deploying Passkeys in it’s current iteration and implementation with Android/iOS, and why you may want to deploy them now, vs later.
Bio: John Yang is a Director of Corporate IT at Ramp.
Ramp is building the next generation of finance tools – from corporate cards and expense management, to bill payments and accounting integrations – all designed to save businesses time and money.
Previously, John has worked at Cruise, Alaska Airlines, and Virgin America before joining Ramp to lead the Corporate IT Team.
Joel Cedano (Addigy)
Leveraging Open Source Tools for CIS and NIST Security
Join Joel Cedano, Senior Product Manager at Addigy, as he guides you through the intricacies of the Apple security landscape. We’ll dive into the myriad of security risks that come with not properly protecting end-user devices and show you how to ensure the highest levels of security with the use of open source tools.
In this talk, you’ll gain a deeper understanding of the importance of safeguarding your Apple devices and walk away with practical, actionable solutions that protect your devices while delivering the Apple experience your end users expect.. Don’t miss out on this opportunity to elevate your security game!
Bio: With over six years of experience in the Apple device management space, Joel has developed a wealth of knowledge around securing and managing Apple devices . As a product expert at Addigy, he has successfully partnered with thousands of businesses — from small startups to Fortune 500 companies — to roll out, manage, and secure their Apple environments globally. Joel’s leadership in security initiatives and integrations has given his clients the peace of mind they need to effectively manage their devices.
Brandon Kurtz (Airbnb)
Homebrew alternative to Git Fat with first-class cloud storage
In this talk Brandon will demo a golang project he’s writing that can replace tools like Git Fat, with first class support for cloud storage like S3 and that works with any SCM tool.
Bio: Brandon does MacOps and WinOps @ Airbnb. He likes to use golang, config management, and open-source management tools.
Joel Rennich (JumpCloud)
Mix local with Cloud development using Mesh VPNs
Mixing local development with cloud deployment can be a real pain in the rear. Very few things work the same locally as in the cloud. What do you do? You develop locally, test via a mesh VPN with a live IP address, and then deploy in your favorite serverless provider.
Learn about using mesh VPNs to do local development on your Mac, in Go, while still getting all the benefits of being on a public IP address with easily obtained trusted Let’s Encrypt certs.
In a strange twist for Joel… no Swift code will be shown, instead we’ll build apps in Go in Visual Studio Code on a Mac and deploy them as a Lambda behind an API Gateway in a mater of minutes when we’re done.
While no Swift will be shown, it’s still loads better than Python
Bio: Joel Rennich released the popular open source application NoMAD in 2016 to make Mac admins’ lives easier. Before that he spent over a decade working at Apple as an Enterprise Systems Engineering Manager. Prior to Apple, Joel was frequently seen speaking at Macworld, WWDC, and other international conferences and gatherings of Apple-minded admins as the founder of AFP548.com.
He now chases butterflies as the Head of JumpCloud labs leading a team of developers who are much better than he is.
Henry Stamerjohann (Zentral)
Device Management at Scale with Terraform
In this talk, we’ll apply infrastructure-as-code principles to device management. We will see how Terraform-based GitOps increase consistency, reliability, and accountability in challenging environments.
First, we’ll define resources with the official Zentral Terraform provider. Next, we’ll set up a CI/CD pipeline to get an audit trail and automation. Then, finally, we’ll pull it all together with advanced workflows across multiple environments.
We have created a strong foundation for reliability and compliance. Now we can catch mistakes before they happen. When we streamline and reduce manual friction with GitOps, we free up time to focus on other critical tasks.
Bio: Henry Stamerjohann is based in Germany. He is a returning speaker at MDO:YVR and co-creator of Zentral, a powerful event and device management platform with exceptional Santa and Osquery management capabilities. He helps organizations run Zentral at scale and solve complex challenges in Apple Platform and device management. Henry is one of the founders of Zentral Pro Services GmbH.
Tim Sutton (Block)
Stories and learnings from macOS Continuous Integration at Scale
There are more use-cases than ever to build and test software or other automation workflows on Apple hardware. Folks do this both on-premises and using vendors offering bare metal and virtual machines.
We will take a look into our experiences managing a large Mac CI fleet, supporting hundreds of contributors and builds’ compute time measured in hours. We’ll also explore details of running EC2 Mac instances for the use case of continuous integration.
Bio: Tim Sutton is a software engineer at Block (formerly Square). Long-time Mac Admin fanboy, passionate about automation.
Greg Neagle (Walt Disney Animation)
Being Responsible: TCC and You
An ongoing challenge in managing macOS is dealing with Apple’s TCC (Transparency, Consent, and Control) mechanism. Greg will dig into this macOS feature and share what he’s learned recently when getting Munki to work with Ventura’s new App Management protection. You’ll learn about the “Responsible Process” and how you might deal with TCC issues in your own scripts and tools.
Bio: Greg Neagle has been deploying and managing macOS machines for over two decades at Walt Disney Animation Studios, a studio with a long history of family entertainment reaching back to “Snow White and the Seven Dwarfs” and forward to our latest film, “Wish”, coming this fall.
Several Mac management tools developed by Greg have been released as open source by Disney Animation. Among those are Munki, a software deployment framework, and Reposado, a platform-agnostic replacement for Apple’s Software Update service. He is also a maintainer of the popular AutoPkg tool. Greg has presented on various aspects of macOS management at conferences in Europe and North America. Greg is excited to return to MacDevOps YVR!
Ritu Gill (OSINT Techniques)
Online Privacy and Risk Management
One of the keys to online research is finding the digital breadcrumbs that people leave behind online. That said, this talk covers online privacy mistakes people often make that leave them vulnerable to bad actors. Ways to minimize the risk will be discussed including talking about OPSEC and basic tips everyone can use to protect their online footprint
Bio: Ritu Gill is an Intelligence Analyst with over 15 years of experience working with Canadian law enforcement, 12 of those years were with the Royal Canadian Mounted Police (RCMP).
During her tenure with the RCMP, she specialized in open source intelligence, and worked on high profile investigations. As part of RCMP’s international capacity building program, Ritu trained law enforcement in Bangladesh and India in the use of the internet as an investigative tool.
In 2016 Ritu set up a consulting business providing OSINT training and research to law enforcement and related entities across North America. Ritu holds a Bachelor’s Degree in Criminology from Kwantlen Polytechnic University and is actively involved in the OSINT community.
Website: https://www.osinttechniques.com
Twitter: https://twitter.com/OSINTtechniques
Samuel Keeley (Staff Enterprise Security Engineer at Airbnb)
Massively deploying Security Keys with a little help from osquery and friends
It has been clear for quite some time that passwords, including one-time passwords, are something that need to be phased out rapidly. At Airbnb, security keys started to be deployed to users in early 2016, with the majority of internal users having them within two years. However, finishing the transition and ensuring that all users were only using security keys presented many challenges, especially with a now-distributed workforce. Through crafty use of tools including osquery on macOS and a small custom web app, the transition was able to be completed with a rapid pace. This talk will walk through the challenges, both technical and logistical, and offer insights on how other organizations can complete this work with high confidence and low user friction.
Bio: Samuel Keeley is a Staff Enterprise Security Engineer at Airbnb, focused on internal user-facing applications, access, and endpoints.
Elizabeth Ponce (Client Engineer at Airbnb)
My first (almost) year as a Client Engineer
This talk will share out my learnings and key takeaways from my first year on the Client Engineering team. Including, how I leverage my Conflict Resolution computer science to learn complex configuration management systems, the importance of connecting with others in a remote environment and for increased learning, and more!
Bio: After graduating with her BS in Conflict Resolution, Elizabeth joined Airbnb in 2017 as a Customer Support Agent, and found a love of code during an “Intro to Web Dev” class at work. She was hooked and forged her own path to Engineering with grit and determination, along the way forming a women in engineering ERG, and going back to uni for a second Bachelor’s degree in Computer Science while working full time.
After moving to the Tech org in 2021, she completed a year of engineering rotation positions and has been on the Client Engineering team since August of 2022.
Sharvil Shah (Independent Consultant)
Building next-gen security tools with EndpointSecurity APIs
In this talk, we will explore the evolution of Apple’s EndpointSecurity APIs on macOS, and how the newer enriched event types in macOS Ventura enables us to build next-gen security tools. We will look at this functionality in osquery and other custom built tools, and explore use-cases such as Data Leak Prevention and Detection, detecting process injection, detecting persistence, and remote auth events.
We will end the talk, with a little bit of speculation towards the future and how Apple is building the frameworks bit by bit, and how these can be leveraged to build a single-pane-of-glass regarding security, compliance and audit on the Mac.
Bio: Sharvil is a software engineer and consultant working on endpoint security and endpoint agents on macOS. He regularly consults on all things osquery with companies like FleetDM. He is a core developer and contributor to osquery, and is a member of osquery Technical Steering Committee. He is previously presented at MacDevOps and ObjectiveByTheSea
MacDevOpsYVR 