Inside macOS Security: Blind Spots, LOLBins, And Supply Chain Risks (Olivia Gallucci & Pedro Kertzman)

from Cyber Threat Intelligence Podcast · host Pedro Kertzman

Think your Mac is the safe corner of the network? Olivia Gallucci joins Pedro Kertzman to dismantle the myth of “secure by default” and show how modern attackers slip past comfort-zone defenses. We dig into the real blind spots on macOS, why unified logging and strict entitlements complicate endpoint visibility, and how Apple’s Endpoint Security API helps—while still leaving gaps clever adversaries can exploit.Olivia walks us through the rise of living-off-the-land tactics on Mac, often called LOLBins, where trusted tools like osascript, curl, launchctl, bash, and dscl become covert malware helpers. Instead of fixating on blocklists, we explore behavior-based detections that catch suspicious parent-child process chains, stealthy downloads, and persistence via launch agents. We also trace the expanding attack surface created by enterprise adoption of Macs among developers, admins, and executives—users with access, keys, and data worth chasing.On the supply chain front, we unpack how developers get targeted through poisoned dependencies and compromised package ecosystems, with examples tied to CocoaPods issues and malicious packages pulling command-and-control frameworks. For end users, trojanized apps, shady installers, and macro-laced documents still work, and notarization alone isn’t a silver bullet. Olivia shares pragmatic safeguards: dependency pinning, signed builds, stricter MDM policies, and layered monitoring that blends Apple-native frameworks with network telemetry. To help users help themselves, she highlights Objective-See’s open source tools that flag camera, microphone, and persistence changes in plain language.If you care about macOS security beyond the brochure, this conversation maps the terrain—what’s visible, what isn’t, and how to build defenses that hold up when trust fails. Subscribe, share with a teammate who uses a Mac at work, and leave a review with the one Mac detection you wish you had today.Send us Fan MailSupport the showThanks for tuning in! If you found this episode valuable, don’t forget to subscribe, share, and leave a review. Got thoughts or questions? Connect with us on our LinkedIn Group: Cyber Threat Intelligence Podcast—we’d love to hear from you. If you know anyone with CTI expertise that would like to be interviewed in the show, just let us know. Until next time, stay sharp and stay secure!

What this episode covers

NOW PLAYING

0:00 21:41

1×

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Share this episode

Similar Episodes

I'm ok

Mar 26, 2026 ·1m

REMIX: Why we over-shop and compulsively acquire, and how to stop, with Dr Jan Eppingstall

Jan 9, 2026 ·61m

REMIX: OCD and hoarding disorder with Jenna Overbaugh

Jan 2, 2026 ·47m

REMIX: Therapy and hoarding disorder - what are the options? With Dr Jan Eppingstall

Dec 26, 2025 ·78m

REMIX: ADHD and hoarding disorder with Professor Sharon Morein

Dec 21, 2025 ·46m

#207 13 actionable pieces of mental health advice from six former podcast guests

Dec 12, 2025 ·53m

Similar Podcasts

That Hoarder: Overcome Compulsive Hoarding That Hoarder Hoarding disorder is stigmatised and people who hoard feel vast amounts of shame. This podcast began life as an audio diary, an anonymous outlet for somebody with this weird condition. That Hoarder speaks about her experiences living with compulsive hoarding, she interviews therapists, academics, researchers, children of hoarders, professional organisers and influencers, and she shares insight and tips for others with the problem. Listened to by people who hoard as well as those who love them and those who work with them, Overcome Compulsive Hoarding with That Hoarder aims to shatter the stigma, share the truth and speak openly and honestly to improve lives. The Small Business Startup School – Business Notes | Financial Literacy | Retail Psychology – For Professionals & Entrepreneurs The Small Business Startup School Inc. Starting or buying a small business? While personal circumstances may vary, business patterns remain timeless. On The Small Business Startup School, we explore strategies, insights, and practical solutions to help entrepreneurs confidently navigate their journey.Hosted by Ola Williams—a retail entrepreneur, fintech founder, and financial coach with over two decades of experience—this podcast marries financial awareness and retail psychology with optimism to deliver actionable takeaways.Join us to learn, grow, and connect as we uncover the keys to business success.Let’s continue to learn together and be encouraged to keep on connecting! DIOSA. Carolina Sanper This podcast is a sacred space created by Carolina Sanper where you connect with your inner wisdom and embody your magnetic feminine power.It is the realization that the mystical realm is where you plant the seeds of your desired reality.It is a portal to your true essence: awareness, presence, and receiving with ease. Welcome home, DIOSA. 🖤 XXX Tech by SOVRYN Dr. Brian Sovryn The crossroads between technology, sensuality, and metaphysics - and the longest running anarchist podcast in the world! Brought to you by Dr. Brian Sovryn.

Frequently Asked Questions

How long is this episode of Cyber Threat Intelligence Podcast?

This episode is 21 minutes long.

When was this Cyber Threat Intelligence Podcast episode published?

This episode was published on March 17, 2026.

What is this episode about?

Is there a transcript available for this episode?

Yes, a full transcript is available for this episode. You can read the complete transcript on the episode page.

Can I download this Cyber Threat Intelligence Podcast episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.

URL copied to clipboard!