
AI for Mac Security
A hands-on introduction to building native machine-learning models and AI tools to protect macOS.
Training overview
Mac-centric security tooling is finally catching up with the power of Apple Silicon. This beginner-friendly, three-day course equips security professionals with the skills to design and deploy fast, native machine-learning models on their MacBooks. No prior experience with machine learning is required—just a basic understanding of scripting, familiarity with threat hunting concepts, and a desire to learn. Participants will apply both classical ML techniques and modern large language models (LLMs) to real-world macOS security problems, including malware classification and detection of anomalous terminal commands. Emphasis is placed on hands-on implementation, performance optimization, and integration into the macOS ecosystem.

When
October 12-14, 2025
Details
Day 1 – Building Your Foundation & Malware Detection
Start your journey by setting up your MacBook with essential tools and machine learning libraries. We'll ensure everyone's environment is ready for action. Together, we'll explore the basics of Mach-O file formats—the backbone of macOS applications—to discover valuable static features hidden inside binaries. You'll learn practical methods for collecting and labeling malware datasets, leveraging publicly available sources. In an interactive lab, you'll get hands-on experience cleaning datasets and extracting critical features from real binaries. With these skills, you'll train your first machine learning model using extracted data. We’ll wrap up by evaluating your model and exploring key performance metrics, so you understand exactly how well your model is performing.
Day 2 – Diving Deeper: Neural Networks & Endpoint Security
Building on day one, we’ll dive deeper into feature extraction from Mach-O files, focusing on extracting meaningful code-level features. You'll participate in a practical lab, extracting and analyzing these features from example binaries. Next, you'll move into neural network modeling, working directly with features that represent what the software actually does. We’ll convert your models to Apple's Core ML format and optimize them specifically for Apple Silicon, including real-world experiments to showcase the power of the Apple Neural Engine. Later in the day, you’ll explore macOS’s Endpoint Security Framework (ESF)—a powerful tool to monitor processes and command-line activity. With real-world command logs at your fingertips, you'll perform hands-on exercises to prepare this data for analysis. You'll learn how to clean, normalize, and vectorize command histories, laying the groundwork for anomaly detection.
Day 3 – Unleashing LLMs for Command-line Threat Detection
On day three, you'll apply advanced techniques to detect risky or malicious command-line activities using Large Language Models (LLMs). We'll start by revisiting the prepared command history data, guiding you step-by-step through building an anomaly detection model to spot unusual command patterns. The highlight of the day is your introduction to LLMs for semantic analysis of command intent. You’ll master prompt engineering—crafting effective prompts to maximize the power of LLMs—and evaluate different approaches to see firsthand how LLMs stack up against traditional methods. We'll use tools like Ollama to run LLMs locally and also use APIs of hosted LLMs. We’ll close the training with interactive experimentation, refining your models and applying everything you've learned in an exciting final project.
Cost
$2,000
Cost does not include a conference ticket. Please also register here!
Cancellation:
Cancellations up to a month before the training (Sept. 12th, 2025) will be 100% refunded (minus any payment processing fees).
Cancellations less than a month before will be refunded at half rate (minus any payment processing fees).
About the trainer
Dr. Kimo Bumanglag is a Member of Technical Staff at OpenAI focused on threat hunting and intelligence. He also serves as an adjunct lecturer at Johns Hopkins University, where he’s committed to making complex cybersecurity topics accessible and mentoring the next generation of security professionals. In addition, he spent years training people for the NSA, US Marine Corps, and US Air Force in offensive and defensive cyber operations.