July 2023 – MacAdmins Meeting

July 2023 – MacAdmins Meeting

July 19th, 2023 – University of Utah, MacAdmins Meeting


The University of Utah, MacAdmins Meeting is held monthly virtually on the 3rd Wednesday of each month at 11 AM Mountain Time. Presentations cover Apple technology and integration in a heterogeneous university enterprise environment. This month’s meeting will be held on Wed, July 19th, 2023 at 11 AM MT and we will provide live broadcasts and archives that will be made available 2-3 days after the meeting.


Aftermath – Matt Benyo and Stuart Ashenbrenneer

Aftermath is an open-source incident response framework developed in Swift. It allows defenders to collect and analyze data from compromised hosts. Aftermath runs a series of modules for data collection, and the output can be written to a specified location or the default /tmp directory. The collected data can be analyzed using the –analyze argument. Aftermath needs root access and full disk access to run. The framework supports various options such as specifying output locations, performing deep scans, and using external text files with unified log predicates. Aftermath can be installed via an available package and uninstalled using the provided uninstaller. There are also options to specify collect directories, enable pretty Terminal output, and perform the cleanup.

Join us as we delve into the world of Aftermath, Jamf’s open-source, Swift-based incident response tool that helps you quickly and efficiently collect forensic data from compromised macOS endpoints. We will explore how Aftermath integrates seamlessly with Jamf Pro and Jamf Protect (neither is required), allowing for a streamlined incident response workflow that saves time and minimizes risk.

About Matt Benyo

Matt Benyo is a macOS Detections Developer at Jamf Software focused on writing detections, as well as analyzing macOS malware and its various techniques. He was previously a Jamf Systems Engineer and both a technician and a trainer at Apple before that.

About Stuart Ashenbrenner

Stuart Ashenbrenner works at Huntress as a Staff macOS Researcher, focusing on macOS security and development. He has spoken at various conferences about macOS security, including Objective by the Sea and MacDevOpsYVR. He is a co-author and core developer on the open-source, macOS incident response tool called Aftermath. He has previously worked as a macOS detection engineer and a software engineer.

  • Video – To view the archived presentation video, click here.
  • Slides – To view the archived presentation slides, click here.


Passkey Deployment  – John Yang, Ramp

Passkeys are a modern authentication method introduced by Apple. They are designed to replace traditional passwords and offer enhanced security and convenience. Passkeys utilize biometric authentication technologies like Touch ID or Face ID, allowing users to sign in quickly and securely without the need to remember complex passwords. Each passkey is unique to a specific app or website and is resistant to phishing attacks. When stored in iCloud Keychain, passkeys are synchronized across Apple devices, ensuring seamless access across multiple platforms. Passkeys provide a strong and reliable authentication solution, improving security and user experience in digital environments.

Passkeys represent the latest tool in the journey to a true Passwordless* Experience for users, without sacrificing security, and giving the most flexibility with roaming authenticators. Learn about some practical considerations for deploying Passkeys in its current iteration and implementation with Android/iOS, and why you may want to deploy them now, vs later.

About John Yang

Ramp is building the next generation of finance tools – from corporate cards and expense management, to bill payments and accounting integrations – all designed to save businesses time and money. Previously, John worked at Cruise, Alaska Airlines, and Virgin America before joining Ramp to lead the Corporate IT Team.

  • Video – To view the archived presentation video, click here.
  • Slides – To view the archived presentation slides, click here.


HP Anywhere – Christopher Collins, HP

HP Anyware, formerly known as Teradici, is a technology company that specializes in secure virtual workspace solutions. Their platform, powered by PCoIP (PC-over-IP) technology, enables various work styles and systems, including local, remote, mobile, and collaborative environments. Teradici’s PCoIP technology has been widely adopted across industries such as media, entertainment, finance, healthcare, and more. In 2021, Teradici was acquired by Hewlett-Packard (HP) and renamed HP Anyware. This acquisition provided HP with access to Teradici’s PCoIP technology, enhancing its virtual desktop performance capabilities. Notable customers of HP Teradici include Amazon Web Services, Microsoft Azure, Google Cloud, and VMware, among others. One of their key offerings is HP Anyware, a remote workstation and digital workspace software solution that provides secure access to digital workspaces. Built on PCoIP technology, HP Anyware consists of PCoIP Agents, which can be installed on various host environments, PCoIP Clients for different end-user devices, and Anywhere Manager for MacAdmins administrators to manage PCoIP connections and user access. HP Anyware caters to a wide range of industries, offering high responsiveness, color accuracy, and lossless graphics performance. It serves government agencies, media conglomerates, production studios, financial firms, educational institutions, design houses, and more. During this presentation, an overview of their current macOS features and then will show a live demo remotely connecting to a Mac.

  • Video – To view the archived presentation video, click here.
  • Slides – To view the archived presentation slides, click here.


Open Discussion

Questions, comments, problems, and fixes.



Due to the coronavirus (aka Covid-19) crisis, this meeting will not be meeting in person but will currently be done virtually using Zoom video communications architecture.

With Zoom we will implement the following security best practices:
  • Require a Password to Join This meeting will require a password to join the meeting. Information will be emailed via a campus internal list, but if you are external and want to attend the meeting, please use the contact us form to receive details. Else, the archive of the meeting will be available 2-3 days after the live meeting.

    • Waiting Room When joining the meeting you will be placed in the Waiting Room by default and the hosts will give you access to the live meeting.

  • Miscellaneous We will also implement other settings and safeguards to secure the meeting.

Archived Presentation(s)

  • Archives of the presentations will be available on this web page.
No Comments

Leave a Reply