Reversing approaches to extract embedded scripts in macOS malware
Patrick Wardle
DEF CON 33 · Day 2 · Main Stage
Malware analysis is fundamentally a triage and classification problem. When a new sample arrives, the analyst's first goal is to determine whether it is benign, known-malicious (already documented and
AI review
Wardle delivers a systematic field guide for malware analysts: identify and extract scripts from the five major packaging wrappers (Platypus, PyInstaller, Electron, JXA, Automator) that macOS malware authors abuse. Practical, well-structured, immediately deployable. Not a zero-day talk, but it closes a real analyst skill gap.