@theevilbit.bsky.social
macOS Security -- Trail running ๐ -- Mountains โฐ -- Tolkien fan
My slides are up at:
theevilbit.github.io/talks/
๐ Thank you @macsysadmin.bsky.social for having me! It was a blast as always! I'm already waiting for 2026. #msa2025
/photos by Jonas Jรถreskog/
Did you see the news last week? ๐
Kandji announced Vulnerability Management to help IT and security teams identify, assess, prioritize, and remediate vulnerabilities on Mac devices - all through a unified workflow in a unified platform.
Read more about it here: buff.ly/432J9E6
This week's news summary, we look briefly at the new phone before we look some beefy malware and vulnerabilities, some nice configuration profiles and updates.
macadmins.news/issues/349
#Mac #MacAdmins #Apple
๐๐ชณMy last blog post in the storagekitd - diskarbitrationd vulnerability series, which I presented at #POC2024 and @blackhatevents.bsky.social #BHEU2024 as part of my "Apple Disk-O Party" talk, is up @kandji.bsky.social 's site:
www.kandji.io/blog/macos-a...
First Apple๐ macOS ๐ป vulnerability of 2025 is submitted. ๐ฅณ Full access to your iCloud documents...
08.01.2025 11:18 โ ๐ 6 ๐ 0 ๐ฌ 0 ๐ 0
Happy New Year! โ๏ธ
01.01.2025 15:19 โ ๐ 1 ๐ 0 ๐ฌ 0 ๐ 0
Year In Sport 2024.
Wasn't that good due to my lingering plantar fasciitis issue. But that is life, sometimes there are low moments, and coming out of those will make you stronger. Hopefully things will get better next year. โฐ๏ธ๐
๐๏ธ๐ฅพ๐๐I wrote about my hiking and trail running adventures in Maui, Hawaii, which I did right before #OBTS
Enjoy!
trails.exposure.co/maui-hawaii-...
๐๐ชณSecond part of the diskarbitrationd - storagekitd vulnerability blog series is out on @kandji.bsky.social 's blog.
These vulnerabilities were presented at @blackhatevents.bsky.social #BHEU2024 and #POC2024 conferences as part of my "Apple Disk-O Party" talk.
www.kandji.io/blog/macos-a...
๐ฃIโm happy to announce that Iโm planning to write a brand new โmacOS Vulnerability Researchโ training. ๐ฅณ
Considering the amount of work the writing requires it will be available late 2025 or early 2026. It will be Live class only, and likely only once or twice a year.
โ๏ธ๐๏ธThis is the day! Donโt miss it if you want to learn how to talk with launchd and how to generically detect XPC exploits. ๐ฅ๐ฅ๐ฅ #OBTS
06.12.2024 20:18 โ ๐ 8 ๐ 0 ๐ฌ 0 ๐ 0
Good lineup of books! www.humblebundle.com/books/hackin...
02.12.2024 20:58 โ ๐ 20 ๐ 8 ๐ฌ 1 ๐ 1
Extremely excited to be giving a talk titled "Mac, Wheres My Bootstrap" tomorrow at #OBTS with @theevilbit.bsky.social! Join us live on YouTube or in-person at 2:40pm HST / 7:40pm EST. We'll be dropping a tool you can walk away with :)
05.12.2024 19:34 โ ๐ 9 ๐ 3 ๐ฌ 0 ๐ 1We are doing again a community run tomorrow. We will meet at the lobby, at the โAlohaโ sign at 8AM, and run about 5k north on the beach and then back. #OBTS10k #OBTS
05.12.2024 19:08 โ ๐ 0 ๐ 0 ๐ฌ 0 ๐ 0
Entering last day of trainings with my colleagues from @kandji.bsky.social . There is always something new to learn in this field, and itโs great to learn directly from iOS experts @naehrdine.bsky.social and Sn0wfreeze #OBTS
04.12.2024 20:22 โ ๐ 6 ๐ 0 ๐ฌ 0 ๐ 0
@sentinelone.com is hiring - #macOS detection engineer.
www.sentinelone.com/jobs/?gh_jid...
A dream came true. My first ever Sea To Summit climb, here on Maui. Climbed the 3055m high Haleakala volcanoโs highest summit, Red Hill, from the ocean over 30kms. #OBTS
01.12.2024 06:20 โ ๐ 13 ๐ 0 ๐ฌ 0 ๐ 0
@vxundergroundre.bsky.social has been kind enough to host Banshee Stealer's leaked source code here. #macOS #InfoStealer #apple #malware
github.com/vxundergroun...
๐ฅพ๐โฐ๏ธ It was long time ago I last wrote about my runs or hikes. Below is a post about the trails I explored when I was in South Korea for the POC2024 conference. Enjoy!
trails.exposure.co/on-the-trail...
Been a while since we've seen #macOS #malware abusing osacompile rather than plain osascript, but #Amos Atomic Stealer is nothing if not adaptable. SHA1: 51ef05c84eea3dde149a5dd3ea9916a824e95afc.
A reminder that it's possible (didn't say easy ๐
) to reverse compiled #applescript.
s1.ai/fadedead
How does the new iOS inactivity reboot work? What does it protect from?
I reverse engineered the kernel extension and the secure enclave processor, where this feature is implemented.
naehrdine.blogspot.com/2024/11/reve...
Paged Out! #5 is out โย enjoy! pagedout.institute
And if you like the cover, we have wallpapers!
I was featured in PagedOut Issue #5 with my macOS notification forensics article (page 25). I find the whole idea of this magazine pretty cool. Lot's of interesting stuff in there!
19.11.2024 10:20 โ ๐ 8 ๐ 1 ๐ฌ 0 ๐ 0
Excellent stuff even though iโm not really a phone guy. Love the reversing and the detailed explanation of the process. ๐ ๐
naehrdine.blogspot.com/2024/11/reve...
@theevilbit.bsky.social 's Apple Disk-O Party
powerofcommunity.net/poc2024/Csab...
#Apple added three new rules for XCSSET - a #malware weโve not seen since 2021 - to #XProtect this week as DubRobber F, G & H in v5282. Curious, to say the least.
15.11.2024 00:02 โ ๐ 5 ๐ 1 ๐ฌ 2 ๐ 1
low detection rates on macOS Amos malware on virustotal
Bunch of new Amos/Atomic #macOS #infostealers if you pivot off ```behaviour_processes:"sh -c curl -s https[:]//api.ipify[.]org/?format=text" tag:macho```
Low detections on V(h/t x.com/malwrhuntert...) #malware #apple #cybersecurity
Apple M4 devices can't virtualize macOS versions prior to 13.4. Hopefully this will get fixed. More info here:
developer.apple.com/forums/threa...
Last week, we released new research about new Mac #malware with TTPs consistent with suspected DPRK #APT BlueNoroff. s1.ai/BNThief. This week, friends-of-NK say weโre shills for US gov. ๐ easternherald.com/2024/11/10/s...
Hate to break it to โem, but that ainโt how we roll. ๐
