
Stuart Ashenbrenner

@stuartjash.bsky.social

Principal macOS Security Researcher @ Huntress | 🏀 Skill Development Coach | 🖼️📖

165 Followers  |  38 Following  |  8 Posts  |  Joined: 18.11.2023  |  2.1299

Latest posts by stuartjash.bsky.social on Bluesky

showing comparison of source code (left) and output of AppleScript decompiler.

You know how ppl say you can't decompile run-only #AppleScript ... 😜 #macOS #security

07.11.2025 18:15 — 👍 3    🔁 2    💬 0    📌 1

One of the coolest new things in Binary Ninja 5.1? Pseudo Objective‑C. Huge shoutout to Mark, who actually wrote this before joining the team (talk about an overkill job application). If you’re digging into iOS, Swift, or kernelcaches, this one’s a game‑changer.

07.08.2025 14:44 — 👍 4    🔁 3    💬 0    📌 0
Zooming through BlueNoroff Indicators with Validin | Validin Pivoting through recently-reported indicators to find BlueNoroff-associated domains

Hot on the heels of the research published by @huntress.com, hunting for Zoom-themed lures from DPRK's #BlueNoroff

💥Learn hunting techniques
💥Leverage new Validin features and data
💥Full, unredacted indicator list (domains, IPs, hashes)

www.validin.com/blog/zooming...

20.06.2025 17:24 — 👍 2    🔁 2    💬 1    📌 0
Inside the BlueNoroff Web3 macOS Intrusion Analysis | Huntress Learn how DPRK's BlueNoroff group executed a Web3 macOS intrusion. Explore the attack chain, malware, and techniques in our detailed technical report.

excited bc today @huntress.com is releasing our analysis of a gnarly intrusion into a web3 company by the DPRK's BlueNoroff!! 🤠

we've observed 8 new pieces of macOS malware from implants to infostealers! and they're actually good (for once)!

www.huntress.com/blog/inside-...

18.06.2025 20:53 — 👍 29    🔁 19    💬 1    📌 2

Been busy this week digging into a BlueNoroff attack.

18.06.2025 21:52 — 👍 3    🔁 0    💬 0    📌 0

Sadly no new ES events for macOS 26. There are a few nice event property updates and additions to the process structure though :)

09.06.2025 21:08 — 👍 4    🔁 1    💬 0    📌 0
Say Hello to Mac Malware | Huntress In this month’s Tradecraft Tuesday, we talked about how threat actors are finetuning their macOS malware in order to maintain persistent access and avoid detection by Apple’s security features.

Some good takeaways from @huntress.com’s recent Tradecraft Tuesday ft. Patrick Wardle:
-The impact of Apple bringing TCC events to Endpoint Security
-#Mac malware persistence techniques vs BTM
-Security alert inundation for #macOS users
Catch up here⬇️
www.huntress.com/blog/say-hel...

23.04.2025 13:15 — 👍 2    🔁 3    💬 0    📌 0

You asked, we delivered: Binary Ninja 5.0 brings major iOS reversing upgrades! DYLD Shared Cache is now a first-class feature, with up to 18x faster performance and way smarter analysis across the board. binary.ninja/2025/04/23/5...

24.04.2025 19:44 — 👍 12    🔁 5    💬 1    📌 0

finally got around to rewriting the copy as yara binja plugin! 🥰

has a few quality of life improvements (new formats) and address wildcarding is fixed for ARM! (sorry bout that mac homies) ❤️

it's also now available in the plugin repository! 🔥

github.com/ald3ns/copy-...

15.04.2025 21:39 — 👍 7    🔁 2    💬 0    📌 0
Principal Security Researcher - Linux Remote US

✅Are you well versed in Linux?
✅Do you understand Linux internals and eBPF?
✅Do you like building out POCs?
✅Do you understand cyber threats and forensic artifacts?

💥Become a Principal Linux Researcher at @huntress.com

Apply here:

👉 job-boards.greenhouse.io/huntress/job...

01.04.2025 17:13 — 👍 6    🔁 4    💬 0    📌 0
TCCing is Believing Apple finally adds TCC events to Endpoint Security!

Finally! 🥳 objective-see.org/blog/blog_0x...

28.03.2025 01:05 — 👍 3    🔁 2    💬 0    📌 0
ReaderUpdate Reforged | Melting Pot of macOS Malware Adds Go to Crystal, Nim and Rust Variants A widespread campaign with binaries written in different source languages, ReaderUpdate presents unique challenges for detection and analysis.

s1.ai/readup
🐚 Adware loaders are always the most complex! Props to @syrion89.bsky.social for helping me pull apart all these different bins and figuring out what they had in common and how to attribute and detect them. 🦾 #adware #malware #macOS #security
@sentinelone.com @sentinellabs.bsky.social

25.03.2025 21:02 — 👍 7    🔁 5    💬 0    📌 0
Notes

macOS Malware Knowledge Base: I've been putting together a KB of sorts of macOS malware research. So next time you are writing about some malware family, you can just visit here and see all technical articles written about any particular family. Still a WIP.
notes.crashsecurity.io/notes/b/06C7...

21.03.2025 17:16 — 👍 5    🔁 2    💬 0    📌 0

Trying to attribute DPRK cryptoheist activity?

Here’s a quick pocket attribution guide

Remember to practice your DPRK ABC(TT)s

16.03.2025 17:28 — 👍 13    🔁 5    💬 0    📌 0
Keynote: AI without the BS, for humans - Scott Hanselman - NDC London 2025
YouTube video by NDC Conferences Keynote: AI without the BS, for humans - Scott Hanselman - NDC London 2025

Brilliant talk from @scott.hanselman.com on the realities on LLMs. The temperature demo is such a good way to explain the "magic" behind text generation. www.youtube.com/watch?v=kYUi...

12.03.2025 21:55 — 👍 47    🔁 8    💬 1    📌 8
Lazarus Group Bybit Heist: C2 forensics | Validin An in-depth hunt for Lazarus APT group infrastructure related to the Bybit hack using Validin's host response and DNS databases.

Found these likely #Lazarus / #TraderTraitor domains w/ #Validin
getcoinprice[.]info
stocksindex[.]org
wfinance[.]org
stockinfo[.]io

Read my how-to on leveraging Validin's exceptional visibility, history, and pivoting features for C2 infrastructure forensics:
www.validin.com/blog/bybit_h...

11.03.2025 18:33 — 👍 5    🔁 2    💬 0    📌 0

For all my math peeps out there: 2025 is a pretty amazing mathematical arrangement.

1. 2025 is a perfect square (45×45=2025)

2. 2025 is the sum of digits of cubes from 1 to 9 (1³ + 2³ + 3³ + ... + 9³ = 2025)

3. 2025 is the first square year after 1936

(Cont…)

01.01.2025 11:11 — 👍 350    🔁 129    💬 19    📌 21

Entering EOY PTO in the throes of a sleep regression is like taking a gulp of water after a run and realizing it’s tonic.

24.12.2024 00:15 — 👍 1    🔁 0    💬 0    📌 0
#OBTS v7.0: "Stealer Crossing: New Horizons" - Alden Schmidt & Stuart Ashenbrenner
YouTube video by Objective-See Foundation #OBTS v7.0: "Stealer Crossing: New Horizons" - Alden Schmidt & Stuart Ashenbrenner

Our talk from @objective-see.bsky.social is now available online. Check out @re.wtf and I yap about macOS infostealers.
www.youtube.com/watch?v=Hv6A...

18.12.2024 18:36 — 👍 10    🔁 4    💬 1    📌 0

📣I’m happy to announce that I’m planning to write a brand new “macOS Vulnerability Research” training. 🥳

Considering the amount of work the writing requires it will be available late 2025 or early 2026. It will be Live class only, and likely only once or twice a year.

09.12.2024 12:00 — 👍 20    🔁 5    💬 0    📌 0

I'm having #OBTS FOMO, so I decided to go ahead and make my own Apple security starter pack! I'm definitely missing folks on here, so feel free to DM me about anyone else who should be added! 🍎

go.bsky.app/gE3xQq

05.12.2024 23:08 — 👍 4    🔁 2    💬 0    📌 0

#OBTS has wrapped. Next year has so much on deck 👀
- TAOMM v2 book @patrickwardle
- MacOS Threat Hunting book @jbradley89
- MacOS Vuln Training @theevilbit.bsky.social
- OFTW v3 @objective_see
- WeTalks v1 @x71n3
- OBTS v8 in Ibiza
Awesome stuff coming from the macOS security space 🙌

08.12.2024 17:38 — 👍 9    🔁 1    💬 0    📌 0

Shout-out to the incredible Huntress crew for the special T-shirt 🏝️ and a killer #OBTS presentation by @stuartjash.bsky.social and @re.wtf!

07.12.2024 19:02 — 👍 7    🔁 1    💬 0    📌 0

Catch @greg-l.bsky.social and I talking about Mach-O binary similarity methods, YARA-X, and all the cool APT malware we pulled apart at #OBTS v7 today at 11:50am HST 🌺

06.12.2024 20:43 — 👍 7    🔁 5    💬 1    📌 0

Yesterday I got to present with the 🐐 @re.wtf. Such a blast talking thru infostealers and the telenovela that they’ve become. #OBTS really is the best, chillest conference out there. Excited for a second day of talks 🤓🍎

06.12.2024 20:22 — 👍 13    🔁 1    💬 0    📌 0
Humble Tech Book Bundle: Hacking 2024 by No Starch Level up your hacking and skills with this tech bundle from No Starch. Learn to protect yourself and others! Pay what you want & support charity!

Good lineup of books! www.humblebundle.com/books/hackin...

02.12.2024 20:58 — 👍 20    🔁 8    💬 1    📌 1

@re.wtf 🐐 @stuartjash.bsky.social 🐐

06.12.2024 00:29 — 👍 7    🔁 2    💬 0    📌 1

Extremely excited to be giving a talk titled "Mac, Where's My Bootstrap" tomorrow at #OBTS with @theevilbit.bsky.social! Join us live on YouTube or in-person at 2:40pm HST / 7:40pm EST. We'll be dropping a tool you can walk away with :)

05.12.2024 19:34 — 👍 9    🔁 3    💬 0    📌 1
Careers at SentinelOne Take a look at the open positions at SentinelOne. We're dedicated to defending enterprises across endpoints, containers, cloud workloads, and IoT devices in a single cybersecurity platform.

@sentinelone.com is hiring - #macOS detection engineer.

www.sentinelone.com/jobs/?gh_jid...

30.11.2024 12:41 — 👍 6    🔁 7    💬 0    📌 0