Cedric Owens and Patrick Wardle released great research yesterday showcasing a novel method of bypassing MacOS Gatekeeper. I highly recommend reading both articles. Apple patched this vuln yesterday in their updated release of BigSur but have not done so in Catalina or older versions of OSX. …

Update: I did a talk on this maturity matrix at the SANS Blue Team Summit 2021. If you want more context on each of the sections laid out below, I recommend watching the video. The recording can be found here (link). Detection engineering has long been a function of the…