If you are interested in participating in our Huntress macOS Beta, please sign up here.
What is included with the macOS Private Beta?
Our first iteration of the Huntress macOS agent will be focused on seamless installation and threat hunting for persistence.
Even on different platforms, the fundamental attacker tactics and tradecraft concepts are actually quite similar. Persistence remains a common high fidelity tactic and is a key indicator in a majority of attacks seen in macOS. Based on our extensive threat research, we have selected the most common persistence mechanisms exploited by macOS attacks and collect them through our agent for review.
It also includes a self-updater, similar to the updating experience with the Huntress Windows agent. macOS Assisted Remediation is currently not available on macOS for footholds, but rest assured we are working on it!
What Operating Systems will be supported?
The Huntress macOS agent in Beta will run on both Intel and M1 running macOS 10.15 Catalina and above.
How “baked” is the macOS agent in private beta?
We have done extensive testing so far with our macOS agent, including rolling out to all of our macOS users within Huntress. No major issues with installation or software compatibility so far! 🤞 That being said, our primary goal for the private beta is for us to find additional scenarios and edge cases so that we can identify and address any remaining issues.
Our ThreatOps team is also engaged in reviewing and monitoring macOS persistence collected by our agent, which is still in an active learning phase as part of the beta to understand efficacy and visibility. This beta phase will help us validate all of our operational workflows, help us identify gaps in our visibility, collect feedback to help us prioritize additional items we need to develop, and then prepare Huntress for scale.
The installation today is through the use of an installation script. This script will prompt for your account and organization keys, then downloads and installs the latest Huntress agent onto the associated Mac.
Once we have confirmed your participation in our beta, we will enable macOS for your account. From there, you should be able to:
- Go to the top right hamburger menu of the Huntress Portal and click on “Download Agent”
- A section should now appear for macOS Installation Script.
- Click to Show Link
- Click on the link to download the script.
- To run the install script manually, run the following:
sudo bash ./path/to/your/downloads/HuntressMacInstall.sh
- Then follow the prompts for your Account Key and for your Organization Key. Your Account key should be found on the Download Agent page. Your Organization key will be found if you go to Organizations in the top menu and selecting the key for the relevant organization.
Will I be billed for these macOS agents?
Yes, installed macOS agents in the private beta will be included in your billed agent count. If you have any questions or concerns about this, please reach out to firstname.lastname@example.org to address any specific needs, questions, or have feedback.
Lastly, we just want to express a big thank you for testing our macOS agent. We are proud to be part of this community and incredibly thankful to have partners like you who are generous with their time and feedback.