Investigating Nix Endpoints for Incident Response - Patterson Cake
How many endpoint Operating Systems are there? SPOILER alert – the answer is two!

🛝 Webcast Slides - https://www.antisyphontraining.com/wp...

Join Patterson Cake, Director of Incident Response at Black Hills Infosec, as he guides you through his “rapid endpoint investigations” workflow for the “other” (not Windows) Operating System…*Nix (Linux/Mac). We’ll learn how to select, acquire, and analyze Linux and Mac investigative artifacts, using Velociraptor offline collector, CatScale, and UAC scripts.

Windows gets a lot of attention and rightfully so! However, Linux and Mac are part of every enterprise ecosystem and represent a critical attack surface. You need a simple, effective, repeatable plan for investigating these endpoints.

Chapters
00:00 - Intro - Investigating Nix Endpoints for Incident Response - Patterson Cake
00:31 - April is the cruelest month
02:24 - AGENDA
04:21 - ENDPOINT & IDENTITY
04:59 - ENDPOINT = ?
07:11 - OS = Windows vs Linux vs Mac?
08:48 - Linux “Use Cases”
10:29 - Endpoint Investigations: Linux
12:45 - Rapid Endpoint Investigations: Linux
13:37 - THREAT-ACTOR SOP*
17:15 - ENDPOINT ATTACK SURFACE
18:58 - RAPID TRIAGE WORKFLOW
20:07 - Linux Artifacts
22:14 - COLLECT...PARSE...REDUCE/REFINE
23:22 - COLLECT ARTIFACTS
27:02 - ANALYSIS WORKFLOW
27:49 - OUTPUT REVIEW
32:40 - Other = Mac (Business Desktops 10%)
34:35 - Mac “Threat-Actor SoP”
36:37 - Mac Artifacts
40:07 - Mac UAC Execution
41:55 - Mac Artifacts (again)
50:30 - ENDPOINT & IDENTITY - Mac
52:32 - Resources
53:52 - Q&A

Credits
Chat with your fellow attendees in the BHIS Discord server in the #🔴live-chat channel
🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com

Brought to you by:
Black Hills Information Security - https://www.blackhillsinfosec.com
Antisyphon Training - https://www.antisyphontraining.com/
Active Countermeasures - https://www.activecountermeasures.com
Wild West Hackin Fest - https://wildwesthackinfest.com

Antisyphon Training Anticasts
Episode 14
May 30, 2026
★ Episode details: https://share.transistor.fm/s/9bc2e004
★ Additional episodes: https://anticasts.transistor.fm

