MacLock is a blue team lab in the Endpoint Forensics category. It covers the following subjects: Sublime Text, Python3, Chainbreaker, Exiftool.
Learning Objectives
Investigate macOS authentication artifacts, decrypt `kcpassword`, and extract secure notes from `login.keychain-db` using `Chainbreaker` to reconstruct user activity.