Explore the intricacies of OpenBSM auditing on macOS in this comprehensive 51-minute talk by Patrick Wardle. Dive into the goals, capabilities, and components of OpenBSM, examining its kernel-mode implementation and learning how to build powerful user-mode macOS monitoring utilities. Discover file, process, and networking monitors based on the OpenBSM framework and APIs. Investigate kernel bugs found during an audit of the audit subsystem, including an off-by-one read error, a kernel info leak, and an exploitable heap overflow. Gain insights into finding and exploiting various bug types that persisted in the macOS kernel for years. Benefit from Wardle's extensive experience in cybersecurity, including his work at NASA and the NSA, as he shares his expertise on automated vulnerability discovery and Mac malware threats.