Ryan Dowd @_rdowd
Principal @HuntressLabs | Former Detection & Response Principal @CrowdStrike | macOS Security Enthusiast Australia Joined May 2024-
Tweets116
-
Followers273
-
Following78
-
Likes166
Has my content ever helped you? I'd appreciate you making it known 🥰 After more than 6 years of free content, for the 1st time ever I've been nominated for a #SANSDMA Award 👀🎉 Voting is open until October 8 and I'm alongside other worthy recipients🙏 survey.sans.org/jfe/form/SV_6f…
We ❤️ supporting authors! At #OBTS v8, three amazing authors will be selling & signing their latest books 📚 1️⃣ "Threat Hunting macOS" by J. Bradley 2️⃣ "Disarming Code" by J. Levin 3️⃣ "The Art of Mac Malware (Vol. II)" by P. Wardle ...so make sure to grab your signed copy!
macOS Tahoe ships with a 0day ...based on a bug disclosed 8(!) years ago at #OBTS v1.0 🫣 New post: "From Spotlight to Apple Intelligence: Abusing an 0day to steal the data that fuels macOS AI": objective-see.org/blog/blog_0x81… ...with open-source PoC! Takeaway? Always attend #OBTS 😄
The blog post format of my talk, "Finding Vulnerabilities in Apple Packages at Scale", I presented at @securityfest and @MacDevOpsYVR is up at @KandjiOfficial 's blog. I cover CVE-2024-27883, CVE-2024-44196 and CVE-2024-44253. the-sequence.com/finding-vulner…
Apple has integrated Endpoint Security into Mach. I’ll look to see if I can find any clues in the source. The challenge is you can’t perform an AUTH or even get an EVENT for every Mach message. You’d overload the system. You can perform checks for less common messages like task
Has anybody else seen a number of their Apple bugs planned for the FALL 2025 release suddenly drop that tag? I've lost a few in the last 2 weeks.
🚨 SonicWall Exploitation (Zero Day?) 🚨 Huntress is tracking active intrusions via SonicWall devices. Threat actors are bypassing MFA, pivoting to domain controllers, deploying ransomware (likely Akira), and creating users for persistence. Pace suggests possible zero-day
Apple failed to fix this so many times. I first reported this back in macOS Big Sur, and it's literally detailed in my EXP-312 course in "Bypass TCC via Spotlight Importer Plugins"
Apple failed to fix this so many times. I first reported this back in macOS Big Sur, and it's literally detailed in my EXP-312 course in "Bypass TCC via Spotlight Importer Plugins" https://t.co/caxjQMtxOL
📢 Just dropped: the full #OBTS v8 talk lineup! objectivebythesea.org/v8/talks.html And for the first time we'll have 3 full days of presentations! 🤩 Congrats to the selected speakers and mahalo to all who submitted. With ~100 submissions, selecting the final talks was a daunting task! 😫
📣 Some good news on the training front: 🎉 we teamed up with @gergely_kalman and by bringing in our different expertise in the field will make this training even better 🎉 we should be ready by early 2026 🎉 we aim to deliver it in 3 public conferences 🎉 first two modules are…
Yes yes I know macOS 26 is in beta, but it just tickles me that the quirky Setup Assistance ui bugs that were squashed in Sequoia are back! _mbsetupuser TCC enforcement is non-standard. Coupled with an LPE this would be a cheeky way to mess with new hardware, as it was pre 15.3.
macOS 26 (beta) Endpoint Security enhancements: - es_process_t adds es_cs_validation_category_t indicating code signature policy; - iokit_open adds parent_path & parent_registry_id; and - xp_malware_detected gains detected_executable for accurate binary path (e.g in app bundles).
🎙️😍 Was stoked to talk nerdy on the @MacAdmPodcast! If you're interested in macOS malware, Apple security & detection, and much more, have a listen: linkedin.com/feed/update/ur…
New RE Video: youtube.com/watch?v=2Bj3rz… Spent some time reversing a recent sample that uses a bit of obfuscation (made easier with a Binary Ninja script), sets up persistence, and uses curl APIs. This one is a little longer than usual but fun since I go through most of the sample.
I doubt that I was the first to find this quirky bug, however the impact of basically having tccd fail open was very easy to overlook. Remains unpatched in Ventura and Sonoma unfortunately.
NEW macOS 15.4 🥫🍝 sauce! 🎉 xnu: github.com/apple-oss-dist… dyld: github.com/apple-oss-dist… objc4: github.com/apple-oss-dist… Security: github.com/apple-oss-dist… Libc: github.com/apple-oss-dist… - this post was generated by `ipsw` 🤖
Received minutes apart for an account I created maybe a decade ago and never use. Breach disclosure incoming?
This post by @theevilbit has inspired many subsequent successful tcc bypasses, including one I managed to obtain overnight on 15.5 beta 1. Worth giving it a read, a re-read, a re-re-read, etc kandji.io/blog/malware-b…
Drolee @Drolee7568
4 Followers 466 Following
EleanoreDickey @4Icy1O0GDaz8R
0 Followers 182 Following
- - @rand0asdf
9 Followers 171 Following
MignonIII. @z8Bd8BE97P717q
1 Followers 372 Following
BarbaraBeerbohm @aX5nwwm9k0Z2U
0 Followers 354 Following
Qerlea @Qerlea5066
1 Followers 578 Following
BellaCooke @Z7S71507YQ3991
0 Followers 413 Following
James Northey @darkrym11
35 Followers 93 Following SOC Analyst @HuntressLabs | Malware junkie | 5+ yrs in Military Cyber Always learning, always curious
Jin Hee Lee @JinHeeLee395483
1 Followers 47 Following
Arin Waichulis @arinwaichulis
5K Followers 434 Following security writer and social media @9to5mac network. i research (🖤) all things Mac malware and threat actors ⚔️
WIΞST ¯\_(ツ)_/¯ @w3stw0rld
57 Followers 2K Following
Shina Mashiro @ShiinaaM
399 Followers 3K Following Microsoft Sentinel Enthusiast | 4n6 Investigator | Cloud Security | 🇮🇩 S.Kom
Vaisov Bek @vaisovbek
854 Followers 6K Following Security Researcher aka Bug Bounty Hunter | CTF Player
tohrxyz @tohrxyz
482 Followers 191 Following i make computer do magic things 🪄 previously @pwndao & @siml_ai , one of people @parallelpoliske
Nitesh Surana @_niteshsurana
693 Followers 1K Following Cloud Research w/ Trend Micro | Opinions/retweets are personal reflections | Metalhead | If you can, be kind.
prajeesh kumar @prajeeshkt
13 Followers 313 Following
Luke Roberts @rookuu_
794 Followers 481 Following Red Team. macOS Security. Ex-@mwrlabs. Building @phoriontech
Ojaswi Kumar Mishra�... @0xojaxwi
74 Followers 2K Following Old-school Malware & Offensive Security REsearcher | ⚡Kernel Pwner⚡
CL @CL207
259K Followers 11K Following ex trading desk @ hokkaido ginko user @ google maps street view mid and small cap stocks/crypto mentions in reply = blocked no nsfw, no check dm, no telegram
Faraday @0xffaraday
137 Followers 140 Following Security Analyst @Huntresslabs | SGF2ZSBhIG5pY2UgZGF5IQ== | Personal opinions and research are my own and don’t represent my employer
Jonathan Semon @JSemonSecurity
120 Followers 53 Following Malware Hunter | Huntress SOC Principal Analyst | USAF Veteran
Cesar Quezada @mc_quezada_
632 Followers 1K Following Digital forensics, incident response, and systems that tell stories. Also into fitness and tech.
Ross @PwnDexter
1K Followers 297 Following Security Engineer | Ex Red Team Lead now turned Blue Team | Author of SharpEDRChecker | Build, Hack, Break, Fix, Learn, Repeat | Every day is a school day!
p1tsi @p1tsist1p
57 Followers 279 Following (deny default)(deny connections-inbound (remote profile “spam”))(allow likes-*)(allow comments-*)(deny comments-inbound (content-type “spam”))(opinions mine)
Adam @AdamMooney97
24 Followers 395 Following
nuyo4h @nuyo4h
0 Followers 3K Following
DannyFromSafeStore @FromSafe68826
29 Followers 597 Following
Siddharth @Sid_3112
0 Followers 5 Following
رجب المصرى @asdwww1012
3 Followers 785 Following
Calum Hall @_calumhall
956 Followers 339 Following Co-Founder of Phorion 🔍| Threat Detection and Response Manager at GitHub 👨💻| macOS researcher 🍎 | BlackHat speaker 2021 📢 Opinions are my own
JESUS IS LORD @djrelentt
10K Followers 3K Following “JESUS ANSWERED AND SAID TO HIM, “MOST ASSUREDLY, I SAY TO YOU, UNLESS ONE IS BORN AGAIN, HE CANNOT SEE THE KINGDOM OF GOD.”” - John 3:3 —-—- WATCH 👇🏼
eLCryptoMaster.nft Ω... @elCryptoMaster
232 Followers 2K Following PUPPY #6355 https://t.co/UkSguYuS5W holamundo.crypto #UD 🏰 @guildxyz #AI2Earn
Anny @annycodes
161 Followers 518 Following 🧠 Building SaaS monthly | 💻 Trading systems & infra | ⚙️ Full-stack + hardware tinkerer | #buildinpublic
ShadowChi3f @Bru_9836
1 Followers 50 Following
N. @pallaksch_
8 Followers 725 Following
Shannon Evans @ShannonEva96879
2 Followers 172 Following Recruiting webshell engineers to penetrate websites, with a monthly salary of up to $100,000. If interested, please contact https://t.co/YWevbA8Qzz
Mouad معاذ Abouha... @_m00dy_
618 Followers 832 Following Security Reseacher/ Hacking is my motto , Marathon/Trailrunner/Climbing On my way to be a Fakir ... (#rev13 on freenode, a_m00dy_ on Instagram )
Tanner @wbmmfq
624 Followers 413 Following Senior Security Operations Analyst @HuntressLabs | @[email protected] | Views my own, obv.
M⚝Punkiller @Mpunkillers
304 Followers 1K Following SPROUT 🌱| BLOCKCHAIN WRITER | BLOCKCHAIN CONTRIBUTOR | BUILDING THE FUTURE | THANK GOD FOR LIFE!
RussianPanda 🐼 �... @RussianPanda9xx
16K Followers 533 Following Меня ищет МВД 🚔 | Threat Hunter @HuntressLabs | TRACLabs https://t.co/QNvr2yUuJM | Malware Addict | DFIR
Arin Waichulis @arinwaichulis
5K Followers 434 Following security writer and social media @9to5mac network. i research (🖤) all things Mac malware and threat actors ⚔️
Faraday @0xffaraday
137 Followers 140 Following Security Analyst @Huntresslabs | SGF2ZSBhIG5pY2UgZGF5IQ== | Personal opinions and research are my own and don’t represent my employer
Jonathan Semon @JSemonSecurity
120 Followers 53 Following Malware Hunter | Huntress SOC Principal Analyst | USAF Veteran
Ben @polygonben
938 Followers 925 Following SOC analyst @HuntressLabs | GCFA | Personal opinions and research are my own and don’t reflect my employer
tsunekoh @tsunek0h
770 Followers 124 Following Security Researcher, macOS, Arm-based Windows, @[email protected]
Florian Roth ⚡️ @cyb3rops
207K Followers 3K Following Head of Research @nextronsystems #DFIR #YARA #Sigma | detection engineer | creator of @thor_scanner, Aurora, Sigma, LOKI, YARA-Forge | always busy ⌚️🐇 | vi/vim
Jonathan Bar Or (JBO)... @yo_yo_yo_jbo
4K Followers 1K Following Hacker, security research architect for @Microsoft Defender. Member of @thegooniesctf. Linux, Windows, Android, MacOS, iOS, ChromeOS, bare metal. 日本語オーケーです👌
Max Rogers @MaxRogers5
3K Followers 1K Following Sr. Director of SOC at Huntress. Ex-Mandiant/FireEye. Bringing security to the Fortune 5,000,000.
Luke Roberts @rookuu_
794 Followers 481 Following Red Team. macOS Security. Ex-@mwrlabs. Building @phoriontech
Tanner @wbmmfq
624 Followers 413 Following Senior Security Operations Analyst @HuntressLabs | @[email protected] | Views my own, obv.
Pedro José Pereira V... @pvieito
813 Followers 612 Following Data & Electronics Engineer. Swift Developer. 🇪🇺
Matt Shockley @mattshockl
152 Followers 69 Following
Alex Plaskett @alexjplaskett
12K Followers 572 Following Security Researcher | Pwn2Own 2018, 2021, 2022, 2024 | Posts about 0day, OS, mobile and embedded security.
Anton @Antonlovesdnb
5K Followers 3K Following Blue Team stuff | Trying to be a decent human being | @munkschool Grad | Hunt & Response @HuntressLabs
Ian Beer @i41nbeer
48K Followers 147 Following
Rem @sudo_Rem
647 Followers 336 Following Senior Hunt & Response Analyst @HuntressLabs | GPEN, GCFA, GCFE, GCIA, GCIH | Python Security Researcher
Andrew @4ndr3w6S
3K Followers 2K Following Detection Engineering @HuntressLabs | Prev. Practice Lead, TAC (Purple Team) @TrustedSec | @SpursOfficial Super Fan - COYS!
Dray Agha @Purp1eW0lf
6K Followers 3K Following Hunt & Response Senior Manager @HuntressLabs || "Competition is the law of the jungle, but cooperation is the law of civilisation” - Kropotkin
Mathieu Tarral @mtarral
2K Followers 1K Following Security Research @intel IntelLabs/kAFL : HW assisted feedback fuzzer for x86 VMs intel/tsffs : Coverage guided fuzzer built on SIMICS
Ahmed NB @nu11charb
3K Followers 363 Following Security Research @Confidential. Youtube: https://t.co/K5TdVRtOPY Founder of Ask-Academy: https://t.co/Cq8I2yW96Z
Andy Rozenberg @andyrozen
401 Followers 396 Following
Adam Chester 🏴�... @_xpn_
36K Followers 502 Following Hacker for Hire at @SpecterOps | Blog at https://t.co/tjfTOllCEu | Insta at https://t.co/PqR6CZPwjl
DefSecSentinel @DefSecSentinel
2K Followers 1K Following Senior Security Research Engineer, Threat Research and Detection Development @Elastic, 179CPT Cyber Operations Technician 170A @MOARNG
Maddie Stewart @madzincyber
112 Followers 68 Following intelligence team @CrowdStrike // views are my own
clearbluejar @clearbluejar
2K Followers 364 Following Security Researcher | Founder @clearseclabs | Research | Learn | Write | Code | Repeat | https://t.co/0lF2NPtj5H | Author of #ghidriff | #patchdiffing
Bill Marczak @billmarczak
13K Followers 357 Following senior researcher @citizenlab, phd @UCBerkeley, co-founder @BHWatch. كلنا راجعين
christine 🌸💐�... @x71n3
1K Followers 874 Following 'Don't miss opportunities because you think that ideas aren't important unless they're complicated. Simple ideas are often the most powerful.' -Patrick Winston
Calum Hall @_calumhall
956 Followers 339 Following Co-Founder of Phorion 🔍| Threat Detection and Response Manager at GitHub 👨💻| macOS researcher 🍎 | BlackHat speaker 2021 📢 Opinions are my own
Nicholas Larson @NicholasLars0n
285 Followers 461 Following The ramblings of a traveler🧭, petrolhead🚙, boardgamer🎲, #MacAdmin👨🏻💻, and taco devourer🌮 yelling to /dev/null. views=own()
Adam Scheblein @scheblein
1K Followers 5K Following Father. Husband. Believer. Mac enthusiast. https://t.co/bZPAle8eiZ
alden @birchb0y
3K Followers 2K Following sr threat researcher @ huntress • re/malware enjoyer • macOS security
ApplSec @ApplSec
1K Followers 3 Following Stay up-to-date with security fixes to Apple's ecosystem! 📲 💻 - Not affiliated with Apple Inc. 🍎 - @[email protected] 🐘 - @applsec.bsky.social 🦋
Phil Stokes ⫍🐠�... @philofishal
3K Followers 478 Following Now exclusively on bluesky @philofishal.bsky.social
Mykola Grymalyuk @khronokernel
5K Followers 124 Following Stuff at Fruit Co. Formerly OpenCore Legacy Patcher.
Olivia Gallucci ✨ @OliviaGalluccii
5K Followers 1K Following Security @ Datadog | MacOS Internals | #FOSS Advocate | Opinions ≠ Employer | @intelligentCTF @oghealthfitness | RIT | Prev. Apple, SECUINFRA, US GovtTrends for United States
You might like
