Principal Security Researcher, Microsoft
The Achilles Heel Of The macOS Gatekeeper
In recent years, Apple has significantly hardened macOS, making it harder for attackers to run arbitrary code on the system. One of the strictest of these hardening mechanisms blocks downloaded binaries that are not notarized from executing at all. This mechanism is known as Gatekeeper.
In this talk, we will discuss how Gatekeeper works, review recent Gatekeeper bypasses, and present our own novel Gatekeeper bypass, a 0-day reported to Apple in 2022. Lastly, we will examine the detection heuristics offered by Microsoft Defender for Endpoint on macOS.
Jonathan Bar Or ("JBO") is a Principal Security Researcher at Microsoft, working as the Microsoft Defender research architect for cross-platform. Jonathan has extensive experience in vulnerability research, exploitation, cryptanalysis, and offensive security in general.