Ryan Dowd @_rdowd
Principal @HuntressLabs | Former Detection & Response Principal @CrowdStrike | macOS Security Enthusiast Australia Joined May 2024-
Tweets107
-
Followers268
-
Following76
-
Likes159
Apple has integrated Endpoint Security into Mach. I’ll look to see if I can find any clues in the source. The challenge is you can’t perform an AUTH or even get an EVENT for every Mach message. You’d overload the system. You can perform checks for less common messages like task
Has anybody else seen a number of their Apple bugs planned for the FALL 2025 release suddenly drop that tag? I've lost a few in the last 2 weeks.
🚨 SonicWall Exploitation (Zero Day?) 🚨 Huntress is tracking active intrusions via SonicWall devices. Threat actors are bypassing MFA, pivoting to domain controllers, deploying ransomware (likely Akira), and creating users for persistence. Pace suggests possible zero-day
Apple failed to fix this so many times. I first reported this back in macOS Big Sur, and it's literally detailed in my EXP-312 course in "Bypass TCC via Spotlight Importer Plugins"
Apple failed to fix this so many times. I first reported this back in macOS Big Sur, and it's literally detailed in my EXP-312 course in "Bypass TCC via Spotlight Importer Plugins" https://t.co/caxjQMtxOL
📢 Just dropped: the full #OBTS v8 talk lineup! objectivebythesea.org/v8/talks.html And for the first time we'll have 3 full days of presentations! 🤩 Congrats to the selected speakers and mahalo to all who submitted. With ~100 submissions, selecting the final talks was a daunting task! 😫
📣 Some good news on the training front: 🎉 we teamed up with @gergely_kalman and by bringing in our different expertise in the field will make this training even better 🎉 we should be ready by early 2026 🎉 we aim to deliver it in 3 public conferences 🎉 first two modules are…
Yes yes I know macOS 26 is in beta, but it just tickles me that the quirky Setup Assistance ui bugs that were squashed in Sequoia are back! _mbsetupuser TCC enforcement is non-standard. Coupled with an LPE this would be a cheeky way to mess with new hardware, as it was pre 15.3.
macOS 26 (beta) Endpoint Security enhancements: - es_process_t adds es_cs_validation_category_t indicating code signature policy; - iokit_open adds parent_path & parent_registry_id; and - xp_malware_detected gains detected_executable for accurate binary path (e.g in app bundles).
🎙️😍 Was stoked to talk nerdy on the @MacAdmPodcast! If you're interested in macOS malware, Apple security & detection, and much more, have a listen: linkedin.com/feed/update/ur…
New RE Video: youtube.com/watch?v=2Bj3rz… Spent some time reversing a recent sample that uses a bit of obfuscation (made easier with a Binary Ninja script), sets up persistence, and uses curl APIs. This one is a little longer than usual but fun since I go through most of the sample.
I doubt that I was the first to find this quirky bug, however the impact of basically having tccd fail open was very easy to overlook. Remains unpatched in Ventura and Sonoma unfortunately.
NEW macOS 15.4 🥫🍝 sauce! 🎉 xnu: github.com/apple-oss-dist… dyld: github.com/apple-oss-dist… objc4: github.com/apple-oss-dist… Security: github.com/apple-oss-dist… Libc: github.com/apple-oss-dist… - this post was generated by `ipsw` 🤖
Received minutes apart for an account I created maybe a decade ago and never use. Breach disclosure incoming?
This post by @theevilbit has inspired many subsequent successful tcc bypasses, including one I managed to obtain overnight on 15.5 beta 1. Worth giving it a read, a re-read, a re-re-read, etc kandji.io/blog/malware-b…
If you’re hunting for macOS stealers, this VirusTotal query yields good results: type:script filename:"/Volumes/" filename:".file" behavior_command_executions:base64
Trust me-- watch previous OBTS presentations on YouTube with a Terminal window open. You will find bugs! And any paid bounty would more than cover your attendance at future OBTS conferences It really can pay for itself!
Trust me-- watch previous OBTS presentations on YouTube with a Terminal window open. You will find bugs! And any paid bounty would more than cover your attendance at future OBTS conferences It really can pay for itself!
Very excited to be announcing that I am starting at @HuntressLabs in a couple of weeks. Working with friends old and new!
Patti @patti_nelson94
253 Followers 3K Following
James Northey @darkrym11
16 Followers 88 Following SOC Analyst @HuntressLabs | Malware junkie | 5+ yrs in Military Cyber Always learning, always curious
Jin Hee Lee @JinHeeLee395483
1 Followers 46 Following
Arin Waichulis @arinwaichulis
5K Followers 433 Following security writer and social media @9to5mac @electrekco @9to5google. i research all things malware and threat actors ⚔️
WIΞST ¯\_(ツ)_/¯ @w3stw0rld
60 Followers 2K Following
Shina Mashiro @ShiinaaM
402 Followers 3K Following Microsoft Sentinel Enthusiast | 4n6 Investigator | Cloud Security | 🇮🇩 S.Kom
Vaisov Bek @vaisovbek
867 Followers 6K Following Security Researcher aka Bug Bounty Hunter | CTF Player
tohrxyz @tohrxyz
487 Followers 185 Following i make computer do magic things 🪄 previously @pwndao & @siml_ai , one of people @parallelpoliske
Nitesh Surana @_niteshsurana
689 Followers 1K Following Cloud Research w/ Trend Micro | Opinions/retweets are personal reflections | Metalhead | If you can, be kind.
prajeesh kumar @prajeeshkt
13 Followers 311 Following
Luke Roberts @rookuu_
790 Followers 480 Following Red Team. macOS Security. Ex-@mwrlabs. Building @phoriontech
Ojaswi Kumar Mishra�... @0xojaxwi
74 Followers 2K Following Old-school Malware & Offensive Security REsearcher | ⚡Kernel Pwner⚡
CL @CL207
257K Followers 11K Following ex trading desk @ hokkaido ginko user @ google maps street view mid and small cap stocks/crypto mentions in reply = blocked fan art ok, no nsfw, no check dm
Faraday @0xffaraday
134 Followers 128 Following Security Analyst @Huntresslabs | SGF2ZSBhIG5pY2UgZGF5IQ== | Personal opinions and research are my own and don’t represent my employer
Jonathan Semon @JSemonSecurity
99 Followers 47 Following Malware Hunter | Huntress SOC Principal Analyst | USAF Veteran
Cesar Quezada @mc_quezada_
636 Followers 1K Following Digital forensics, incident response, and systems that tell stories. Also into fitness and tech.
Ross @PwnDexter
1K Followers 297 Following Security Engineer | Ex Red Team Lead now turned Blue Team | Author of SharpEDRChecker | Build, Hack, Break, Fix, Learn, Repeat | Every day is a school day!
p1tsi @p1tsist1p
56 Followers 275 Following (deny default)(deny connections-inbound (remote profile “spam”))(allow likes-*)(allow comments-*)(deny comments-inbound (content-type “spam”))(opinions mine)
Adam @AdamMooney97
23 Followers 391 Following
nuyo4h @nuyo4h
0 Followers 2K Following
DannyFromSafeStore @FromSafe68826
29 Followers 559 Following
Siddharth @Sid_3112
0 Followers 5 Following
رجب المصرى @asdwww1012
1 Followers 775 Following
Calum Hall @_calumhall
951 Followers 336 Following Co-Founder of Phorion 🔍| Threat Detection and Response Manager at GitHub 👨💻| macOS researcher 🍎 | BlackHat speaker 2021 📢 Opinions are my own
JESUS IS LORD @djrelentt
10K Followers 3K Following “JESUS ANSWERED AND SAID TO HIM, “MOST ASSUREDLY, I SAY TO YOU, UNLESS ONE IS BORN AGAIN, HE CANNOT SEE THE KINGDOM OF GOD.”” - John 3:3 —-—- WATCH 👇🏼
eLCryptoMaster.nft Ω... @elCryptoMaster
227 Followers 2K Following PUPPY #6355 https://t.co/UkSguYuS5W holamundo.crypto #UD 🏰 @guildxyz #AI2Earn
Anny @annycodes
161 Followers 520 Following 🧠 Building SaaS monthly | 💻 Trading systems & infra | ⚙️ Full-stack + hardware tinkerer | #buildinpublic
ShadowChi3f @Bru_9836
1 Followers 50 Following
N. @pallaksch_
8 Followers 725 Following
Shannon Evans @ShannonEva96879
2 Followers 173 Following Recruiting webshell engineers to penetrate websites, with a monthly salary of up to $100,000. If interested, please contact https://t.co/YWevbA8Qzz
Mouad معاذ Abouha... @_m00dy_
619 Followers 833 Following Security Reseacher/ Hacking is my motto , Marathon/Trailrunner/Climbing On my way to be a Fakir ... (#rev13 on freenode, a_m00dy_ on Instagram )
Tanner @wbmmfq
600 Followers 400 Following Senior Security Operations Analyst @HuntressLabs | @[email protected]
M⚝Punkiller @Mpunkillers
280 Followers 1K Following SPROUT 🌱| BLOCKCHAIN WRITER | BLOCKCHAIN CONTRIBUTOR |
WiFi-NY @WiFi_NY
877 Followers 5K Following New York City's Wireless Neighborhood Network. Serving residents, non-profits & small businesses with fair & affordable member-supported access since 2003.
Max Rogers @MaxRogers5
3K Followers 1K Following Sr. Director of SOC at Huntress. Ex-Mandiant/FireEye. Bringing security to the Fortune 5,000,000.
Matt Shockley @mattshockl
153 Followers 69 Following
JunkieLord @JunkieL0rd
15 Followers 174 Following
Jacolon Walker @call_eax
136 Followers 696 Following Ex-founder | 🛡️ Security Researcher | 👨🌾 Homesteader | Fun project: https://t.co/RIkq9oyM57 to organize your links.
比个心 @vbigthing
92 Followers 4K Following
Arin Waichulis @arinwaichulis
5K Followers 433 Following security writer and social media @9to5mac @electrekco @9to5google. i research all things malware and threat actors ⚔️
Faraday @0xffaraday
134 Followers 128 Following Security Analyst @Huntresslabs | SGF2ZSBhIG5pY2UgZGF5IQ== | Personal opinions and research are my own and don’t represent my employer
Jonathan Semon @JSemonSecurity
99 Followers 47 Following Malware Hunter | Huntress SOC Principal Analyst | USAF Veteran
Ben @polygonben
916 Followers 903 Following SOC analyst @HuntressLabs | GCFA | Personal opinions and research are my own and don’t reflect my employer
tsunekoh @tsunek0h
751 Followers 120 Following Security Researcher, macOS, Arm-based Windows, @[email protected]
Florian Roth ⚡️ @cyb3rops
206K Followers 3K Following Head of Research @nextronsystems #DFIR #YARA #Sigma | detection engineer | creator of @thor_scanner, Aurora, Sigma, LOKI, YARA-Forge | always busy ⌚️🐇 | vi/vim
Jonathan Bar Or (JBO)... @yo_yo_yo_jbo
4K Followers 1K Following Hacker, security research architect for @Microsoft Defender. Member of @thegooniesctf. Linux, Windows, Android, MacOS, iOS, ChromeOS, bare metal. 日本語オーケーです👌
Max Rogers @MaxRogers5
3K Followers 1K Following Sr. Director of SOC at Huntress. Ex-Mandiant/FireEye. Bringing security to the Fortune 5,000,000.
Luke Roberts @rookuu_
790 Followers 480 Following Red Team. macOS Security. Ex-@mwrlabs. Building @phoriontech
Tanner @wbmmfq
600 Followers 400 Following Senior Security Operations Analyst @HuntressLabs | @[email protected]
Pedro José Pereira V... @pvieito
814 Followers 611 Following Data & Electronics Engineer. Swift Developer. 🇪🇺
Matt Shockley @mattshockl
153 Followers 69 Following
Alex Plaskett @alexjplaskett
12K Followers 571 Following Security Researcher | Pwn2Own 2018, 2021, 2022, 2024 | Posts about 0day, OS, mobile and embedded security.
Anton @Antonlovesdnb
5K Followers 3K Following Blue Team stuff | Trying to be a decent human being | @munkschool Grad | Hunt & Response @HuntressLabs
Ian Beer @i41nbeer
48K Followers 147 Following
Rem @sudo_Rem
604 Followers 320 Following Senior Hunt & Response Analyst @HuntressLabs | GPEN, GCFA, GCFE, GCIA, GCIH | Python Security Researcher
Andrew @4ndr3w6S
3K Followers 2K Following Detection Engineering @HuntressLabs | Prev. Practice Lead, TAC (Purple Team) @TrustedSec | @SpursOfficial Super Fan - COYS!
Josh Allman @xorJosh
1K Followers 1K Following Personal opinions and research are my own and don’t represent my employer | Senior Hunt & Response Analyst @HuntressLabs
Dray Agha @Purp1eW0lf
6K Followers 3K Following Hunt & Response Senior Manager @HuntressLabs || "Competition is the law of the jungle, but cooperation is the law of civilisation” - Kropotkin
Mathieu Tarral @mtarral
2K Followers 1K Following Security Research @intel IntelLabs/kAFL : HW assisted feedback fuzzer for x86 VMs intel/tsffs : Coverage guided fuzzer built on SIMICS
Ahmed NB @nu11charb
3K Followers 363 Following Security Research @Confidential. Youtube: https://t.co/K5TdVRtOPY Founder of Ask-Academy: https://t.co/Cq8I2yW96Z
Andy Rozenberg @andyrozen
399 Followers 395 Following
Adam Chester 🏴�... @_xpn_
36K Followers 501 Following Hacker for Hire at @SpecterOps | Blog at https://t.co/tjfTOllCEu | Insta at https://t.co/PqR6CZPwjl
DefSecSentinel @DefSecSentinel
2K Followers 1K Following Senior Security Research Engineer, Threat Research and Detection Development @Elastic, 179CPT Cyber Operations Technician 170A @MOARNG
Maddie Stewart @madzincyber
110 Followers 68 Following intelligence team @CrowdStrike // views are my own
clearbluejar @clearbluejar
2K Followers 360 Following Security Researcher | Founder @clearseclabs | Research | Learn | Write | Code | Repeat | https://t.co/0lF2NPtj5H | Author of #ghidriff | #patchdiffing
Bill Marczak @billmarczak
13K Followers 358 Following senior researcher @citizenlab, phd @UCBerkeley, co-founder @BHWatch. كلنا راجعين
christine 🌸💐�... @x71n3
1K Followers 875 Following 'Don't miss opportunities because you think that ideas aren't important unless they're complicated. Simple ideas are often the most powerful.' -Patrick Winston
Calum Hall @_calumhall
951 Followers 336 Following Co-Founder of Phorion 🔍| Threat Detection and Response Manager at GitHub 👨💻| macOS researcher 🍎 | BlackHat speaker 2021 📢 Opinions are my own
Nicholas Larson @NicholasLars0n
286 Followers 458 Following The ramblings of a traveler🧭, petrolhead🚙, boardgamer🎲, #MacAdmin👨🏻💻, and taco devourer🌮 yelling to /dev/null. views=own()
Adam Scheblein @scheblein
1K Followers 5K Following Father. Husband. Believer. Mac enthusiast. https://t.co/bZPAle8eiZ
alden @birchb0y
3K Followers 2K Following sr threat researcher @ huntress • re/malware enjoyer • macOS security
ApplSec @ApplSec
1K Followers 3 Following Stay up-to-date with security fixes to Apple's ecosystem! 📲 💻 - Not affiliated with Apple Inc. 🍎 - @[email protected] 🐘 - @applsec.bsky.social 🦋
Phil Stokes ⫍🐠�... @philofishal
3K Followers 477 Following Now exclusively on bluesky @philofishal.bsky.social
Mykola Grymalyuk @khronokernel
5K Followers 123 Following Stuff at Fruit Co. Formerly OpenCore Legacy Patcher.
Olivia Gallucci ✨ @OliviaGalluccii
5K Followers 1K Following Security @ Datadog | MacOS Internals | #FOSS Advocate | Opinions ≠ Employer | @intelligentCTF @oghealthfitness | RIT | Prev. Apple, SECUINFRA, US Govt
BGT @realBrightiup
7K Followers 700 Following
Trends for United States
You might like
