Has my content ever helped you? I'd appreciate you making it known 🥰
After more than 6 years of free content, for the 1st time ever I've been nominated for a #SANSDMA Award 👀🎉
Voting is open until October 8 and I'm alongside other worthy recipients🙏
survey.sans.org/jfe/form/SV_6f…
We ❤️ supporting authors!
At #OBTS v8, three amazing authors will be selling & signing their latest books 📚
1️⃣ "Threat Hunting macOS" by J. Bradley
2️⃣ "Disarming Code" by J. Levin
3️⃣ "The Art of Mac Malware (Vol. II)" by P. Wardle
...so make sure to grab your signed copy!
macOS Tahoe ships with a 0day ...based on a bug disclosed 8(!) years ago at #OBTS v1.0 🫣
New post: "From Spotlight to Apple Intelligence: Abusing an 0day to steal the data that fuels macOS AI": objective-see.org/blog/blog_0x81… ...with open-source PoC!
Takeaway? Always attend #OBTS 😄
Apple has integrated Endpoint Security into Mach. I’ll look to see if I can find any clues in the source.
The challenge is you can’t perform an AUTH or even get an EVENT for every Mach message. You’d overload the system.
You can perform checks for less common messages like task
🚨 SonicWall Exploitation (Zero Day?) 🚨
Huntress is tracking active intrusions via SonicWall devices.
Threat actors are bypassing MFA, pivoting to domain controllers, deploying ransomware (likely Akira), and creating users for persistence.
Pace suggests possible zero-day
Apple failed to fix this so many times. I first reported this back in macOS Big Sur, and it's literally detailed in my EXP-312 course in "Bypass TCC via Spotlight Importer Plugins" https://t.co/caxjQMtxOL
📢 Just dropped: the full #OBTS v8 talk lineup! objectivebythesea.org/v8/talks.html
And for the first time we'll have 3 full days of presentations! 🤩
Congrats to the selected speakers and mahalo to all who submitted. With ~100 submissions, selecting the final talks was a daunting task! 😫
📣 Some good news on the training front:
🎉 we teamed up with @gergely_kalman, and bringing in our different expertise in the field will make this training even better
🎉 we should be ready by early 2026
🎉 we aim to deliver it in 3 public conferences
🎉 first two modules are…
Yes yes I know macOS 26 is in beta, but it just tickles me that the quirky Setup Assistant UI bugs that were squashed in Sequoia are back!
_mbsetupuser TCC enforcement is non-standard. Coupled with an LPE this would be a cheeky way to mess with new hardware, as it was pre-15.3.
🎙️😍 Was stoked to talk nerdy on the @MacAdmPodcast! If you're interested in macOS malware, Apple security & detection, and much more, have a listen:
linkedin.com/feed/update/ur…
New RE Video:
youtube.com/watch?v=2Bj3rz…
Spent some time reversing a recent sample that uses a bit of obfuscation (made easier with a Binary Ninja script), sets up persistence, and uses curl APIs. This one is a little longer than usual but fun since I go through most of the sample.
I doubt that I was the first to find this quirky bug, however the impact of basically having tccd fail open was very easy to overlook. Remains unpatched in Ventura and Sonoma unfortunately.
This post by @theevilbit has inspired many subsequent successful TCC bypasses, including one I managed to obtain overnight on 15.5 beta 1.
Worth giving it a read, a re-read, a re-re-read, etc.
kandji.io/blog/malware-b…