golby

@golby.bsky.social

macOS Threat and Detections Researcher @ Jamf

312 Followers  |  235 Following  |  32 Posts  |  Joined: 21.06.2023  |  2.0364

Latest posts by golby.bsky.social on Bluesky

DigitStealer: In-Depth Analysis of a New macOS Infostealer - Jamf Threat Labs uncovers DigitStealer, a new macOS infostealer. Learn about its unique evasion techniques, multi-stage payload and how to protect your systems.

Another great writeup from @txhaflaire.bsky.social on a new stealer that Jamf is calling digitstealer.
www.jamf.com/blog/jtl-dig...

14.11.2025 00:29 | 👍 3 | 🔁 0 | 💬 0 | 📌 0

Oooh XProtect 5322 added XPScripts.yr. Guess they're going to start blocking malicious osascript and other interpreters now.

04.11.2025 22:09 | 👍 1 | 🔁 0 | 💬 0 | 📌 0

OBTS bound! #obtsv8

13.10.2025 21:52 | 👍 1 | 🔁 0 | 💬 0 | 📌 0
IQ Check: On-Device vs PCC - Reading the Signals Hidden on Your Mac. Your Mac knows and can tell you specifically on device vs off device for Apple Intelligence

A year into Apple Intelligence, what do we know? Well your Mac knows the answers, just gotta ask the right questions.

Read "IQ Check: On-Device vs PCC - Reading the Signals Hidden on Your Mac" by Bob Gendler on Medium: boberito.medium.com/iq-check-on-...

06.10.2025 17:11 | 👍 1 | 🔁 2 | 💬 0 | 📌 0

grnh.se/ifqakw3c4us
grnh.se/f227ti8h4us

24.09.2025 13:26 | 👍 1 | 🔁 0 | 💬 0 | 📌 0

Interested in Mac security research, reversing macOS malware, or detection engineering?

Jamf Threat Labs is hiring! We're looking for passionate individuals to join our team and help push the boundaries of Apple security.

- Brno, Czechia
- Austin, Eau Claire, Minneapolis

24.09.2025 13:26 | 👍 3 | 🔁 2 | 💬 1 | 📌 0
GitHub - pstirparo/machofile: machofile is a module to parse Mach-O binary files

๐ŸŽ machofile ๐Ÿ first official release is finally live: github.com/pstirparo/ma...

It is a python module to parse #Mach-O binary files, with a focus on malware analysis and reverse engineering.
machofile is self-contained.

#macho #ios #reverseengineering #detection #threathunting #threatintel 1/3

30.07.2025 14:11 | 👍 15 | 🔁 14 | 💬 1 | 📌 0
Evolution of macOS Odyssey Stealer: New Techniques & Signed Malware - Discover new technical insights into the Odyssey Stealer malware, including signed & notarized variants, SwiftUI-based social engineering, and advanced persistence techniques.
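The post above announces machofile, a Python module for parsing Mach-O files. The block below is an added example written for this page, not machofile's own code, showing the core of what such a parser does: read the 32-byte mach_header_64, walk the load commands, and refuse any cmdsize or string offset that runs past sizeofcmds, which is the check a malware-analysis parser needs because a sample can carry deliberately wrong sizes. The sample image, `build_sample()`, is constructed inline (an arm64 MH_EXECUTE header with one LC_LOAD_DYLIB and one LC_UUID); the constants are taken from Apple's mach-o headers.

```python
"""Minimal 64-bit Mach-O header and load-command walker (added example)."""
import struct
import uuid
from dataclasses import dataclass, field
from typing import List, Optional

MH_MAGIC_64 = 0xFEEDFACF        # 64-bit Mach-O, little-endian on disk (x86_64, arm64)
MH_CIGAM_64 = 0xCFFAEDFE        # byte-swapped variant
LC_LOAD_DYLIB = 0x0C
LC_UUID = 0x1B
HEADER_SIZE = 32                # sizeof(struct mach_header_64)
CPU_TYPES = {0x01000007: "x86_64", 0x0100000C: "arm64"}
FILETYPES = {2: "MH_EXECUTE", 6: "MH_DYLIB", 8: "MH_BUNDLE"}


@dataclass
class MachO:
    cputype: str
    filetype: str
    ncmds: int
    flags: int
    dylibs: List[str] = field(default_factory=list)
    uuid: Optional[str] = None


def parse_macho64(data: bytes) -> MachO:
    """Parse the header and walk load commands, rejecting sizes that leave the file."""
    if len(data) < HEADER_SIZE:
        raise ValueError("file shorter than mach_header_64")
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic == MH_MAGIC_64:
        end = "<"
    elif magic == MH_CIGAM_64:
        end = ">"
    else:
        raise ValueError(f"not a 64-bit Mach-O (magic {magic:#010x})")
    (_magic, cputype, _cpusub, filetype, ncmds,
     sizeofcmds, flags, _reserved) = struct.unpack_from(end + "8I", data, 0)
    if HEADER_SIZE + sizeofcmds > len(data):
        raise ValueError("sizeofcmds runs past end of file")
    m = MachO(CPU_TYPES.get(cputype, f"{cputype:#x}"),
              FILETYPES.get(filetype, f"{filetype:#x}"), ncmds, flags)
    off = HEADER_SIZE
    limit = HEADER_SIZE + sizeofcmds
    for _ in range(ncmds):
        if off + 8 > limit:
            raise ValueError("load command header past sizeofcmds")
        cmd, cmdsize = struct.unpack_from(end + "II", data, off)
        # Every cmdsize must fit inside the command area; a bogus value here is
        # a classic way to crash or confuse a naive parser.
        if cmdsize < 8 or off + cmdsize > limit:
            raise ValueError(f"bad cmdsize {cmdsize} at {off:#x}")
        if cmd == LC_LOAD_DYLIB:
            if cmdsize < 24:
                raise ValueError("dylib_command too small")
            # lc_str offset is relative to the start of this load command.
            name_off = struct.unpack_from(end + "I", data, off + 8)[0]
            if name_off < 24 or name_off >= cmdsize:
                raise ValueError("dylib name offset outside its command")
            raw = data[off + name_off: off + cmdsize]
            m.dylibs.append(raw.split(b"\0", 1)[0].decode("utf-8", "replace"))
        elif cmd == LC_UUID and cmdsize >= 24:
            m.uuid = str(uuid.UUID(bytes=bytes(data[off + 8: off + 24])))
        off += cmdsize
    return m


def build_sample() -> bytes:
    """Constructed arm64 executable image: header + LC_LOAD_DYLIB + LC_UUID."""
    name = b"/usr/lib/libSystem.B.dylib\0"
    dylib_size = (24 + len(name) + 7) & ~7            # cmdsize padded to 8 bytes
    dylib = struct.pack("<6I", LC_LOAD_DYLIB, dylib_size, 24, 2,
                        0x05270000, 0x00010000) + name.ljust(dylib_size - 24, b"\0")
    uuid_cmd = struct.pack("<2I", LC_UUID, 24) + bytes(range(16))
    cmds = dylib + uuid_cmd
    header = struct.pack("<8I", MH_MAGIC_64, 0x0100000C, 0, 2,
                         2, len(cmds), 0x00200085, 0)
    return header + cmds


if __name__ == "__main__":
    print(parse_macho64(build_sample()))
```

This handles thin 64-bit images only; a universal (fat) binary starts with 0xCAFEBABE and needs the fat_arch table walked first, and LC_SEGMENT_64 / LC_MAIN parsing would be the next commands to add for triage. On a real sample replace `build_sample()` with `Path(...).read_bytes()`.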

A great writeup by my coworker, @txhaflaire.bsky.social about a new variant (signed and notarized) of odyssey stealer.

www.jamf.com/blog/signed-...

16.07.2025 18:49 | 👍 2 | 🔁 0 | 💬 0 | 📌 0
Releases · usnistgov/macos_security - macOS Security Compliance Project. Contribute to usnistgov/macos_security development by creating an account on GitHub.

Forgot to post this here the other day

Compliance updatepalooza.

Newly released updated mSCP compliance information for macOS Sequoia, macOS Sonoma, macOS Ventura, iOS 18, iOS 17, iOS 16, and visionOS.

github.com/usnistgov/ma...

04.07.2025 10:10 | 👍 4 | 🔁 3 | 💬 0 | 📌 0
Original post on infosec.exchange

🤓 My talk at AUSCERT has been released!

In this session, I break down:
- How threat actors are using generative AI,
- How to respond to AI-related breaches,
- And how to improve your AI security maturity with AI-specific incident response, Indicators of Prompt Compromise, and NOVA for […]

26.06.2025 05:03 | 👍 0 | 🔁 1 | 💬 0 | 📌 0

Well this is new 🙃

25.06.2025 01:23 | 👍 2 | 🔁 1 | 💬 0 | 📌 0

ugh could you imagine if there wasn't a new Turnstile album

21.06.2025 22:56 | 👍 79 | 🔁 5 | 💬 10 | 📌 0

So you wanna be a Hitter??!

This is what 101 mph Fastball & a 91 mph Slider looks like (from Chase Shores)

19.06.2025 14:44 | 👍 135 | 🔁 27 | 💬 7 | 📌 18
Inside the BlueNoroff Web3 macOS Intrusion Analysis | Huntress - Learn how DPRK's BlueNoroff group executed a Web3 macOS intrusion. Explore the attack chain, malware, and techniques in our detailed technical report.

excited bc today @huntress.com is releasing our analysis of a gnarly intrusion into a web3 company by the DPRK's BlueNoroff!! 🤠

we've observed 8 new pieces of macOS malware from implants to infostealers! and they're actually good (for once)!

www.huntress.com/blog/inside-...

18.06.2025 20:53 | 👍 29 | 🔁 19 | 💬 1 | 📌 2

Cotton Bureau is celebrating their 12th anniversary and they're running a free shipping promo!

All products ship for free (inside the US) with the code Happy12. Int'l shipping is half-off. Promo ends 6/20.

So head to macadmins.org/store and support the #macAdmins Foundation!

13.06.2025 19:36 | 👍 1 | 🔁 1 | 💬 0 | 📌 0
Latest test run: For the ones that failed, I either don't have a current API key to test with or an instance of the service to test against.

If folks can test and let me know, I'd be very grateful! Please submit an issue in GitHub if it's broken. Thanks! 😀

#mlget has been updated - your 1 stop shop for finding malware across different services!

Grab an updated copy at github.com/xorhex/mlget...

Happy to add additional services if folks know of more!

Some services I no longer have access to for testing - see the Alt text for more info.

11.06.2025 23:40 | 👍 6 | 🔁 4 | 💬 2 | 📌 1
Universal STIG Browser - Universal STIG Browser is a native Apple platform app that allows users to open, view, filter, and export Security Technical Implementation Guides (STIGs) for all supported platforms as published by ...

I published my first app on the App Store! macOS, iPadOS, and visionOS!

apps.apple.com/us/app/unive...

10.06.2025 12:47 | 👍 2 | 🔁 4 | 💬 0 | 📌 0

Enjoy!

09.06.2025 00:43 | 👍 1 | 🔁 0 | 💬 1 | 📌 0

It's sooo good. It was killing me to know what the Never Enough transition to track 2 was all about and it did not disappoint.

07.06.2025 11:19 | 👍 2 | 🔁 0 | 💬 0 | 📌 0
Game Informer Magazine Print Subscriptions Are Available Now - Today, we're thrilled to unveil the new Game Informer subscription program. We relaunched Game Informer in March so we could return to covering the games we ...

Game Informer magazine subscriptions are back! 🎉 Lock in early bird pricing by joining today and receive a full year of 10 issues featuring more pages and improved paper. gameinformer.com/subscribe

๐Ÿ“ฝ๏ธ youtu.be/xB-wxCebt1U?...
#GameInformer #Subscribe

06.06.2025 16:03 | 👍 293 | 🔁 108 | 💬 37 | 📌 39
GALLERY - Owls in Towels

Example of a website that entirely lives up to its name owlsintowels.org/gallery/

26.05.2025 15:21 | 👍 0 | 🔁 1 | 💬 0 | 📌 0

Related paths:
/Users/Shared/com.apple.xssooxxagent
/Library/LaunchDaemons/com.apple.xssooxxagent.plist
/tmp/.fseventsd

C2 URLs:
hXXp://download.termius.info/bn.log.enc
hXXp://download.termius.info/bn.log.md5

Jamf threat labs tracks this as ZuRu malware www.jamf.com/blog/jtl-mal...

23.05.2025 19:59 | 👍 1 | 🔁 0 | 💬 0 | 📌 0

Related hashes:
de8aca685871ade8a75e4614ada219025e2d6fd7 (Termius9.5.0.dmg)
7087be726590e35285c891dc60acec826a0c03d5 (Termius_final.dmg)
fa9b89d4eb4d47d34f0f366750d55603813097c1 (com.apple.xssooxxagent - persistent downloader)
a7a9b0f8cc1c89f5c195af74ce3add74733b15c0 (.fseventsd - Khepri)

23.05.2025 19:58 | 👍 1 | 🔁 0 | 💬 1 | 📌 0

Cross-posting @malwarezoo@bird.makeup

Modified versions of Termius (SSH client) were uploaded to VirusTotal. Contains a persistent downloader which fetches and decodes Khepri (an open-source post-exploitation tool).

/Applications/Termius.app/Contents/Fra... Helper .app/Contents/MacOS/.localized

23.05.2025 19:57 | 👍 1 | 🔁 0 | 💬 1 | 📌 0
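The three posts above are one thread of indicators for the trojanized Termius builds that Jamf tracks as ZuRu: three on-disk paths, four SHA-1 hashes (40 hex digits) and one C2 host. As an added example written for this page, not the poster's or Jamf's tooling, the script below turns that thread into a host sweep: it checks the fixed paths by existence, hashes every regular file under the directories the dropper uses so that a renamed copy still matches, and greps constructed log lines for the C2 host. `SWEEP_DIRS`, `build_demo`, `run_demo` and the sample files are my assumptions; the indicator values are copied from the thread.

```python
"""Sweep a volume root for the ZuRu indicators posted in the thread (added example)."""
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, Iterable, List, Set, Tuple

# Indicator paths from the thread, kept relative to the volume root so the same
# sweep runs against "/" on a live Mac (as root) or against a mounted image.
ZURU_PATHS = (
    "Users/Shared/com.apple.xssooxxagent",
    "Library/LaunchDaemons/com.apple.xssooxxagent.plist",
    "tmp/.fseventsd",
)
# SHA-1 hashes from the thread.
ZURU_SHA1 = {
    "de8aca685871ade8a75e4614ada219025e2d6fd7",  # Termius9.5.0.dmg
    "7087be726590e35285c891dc60acec826a0c03d5",  # Termius_final.dmg
    "fa9b89d4eb4d47d34f0f366750d55603813097c1",  # com.apple.xssooxxagent (downloader)
    "a7a9b0f8cc1c89f5c195af74ce3add74733b15c0",  # .fseventsd (Khepri)
}
ZURU_C2_HOSTS = ("download.termius.info",)          # from the defanged hXXp:// URLs
# Assumption: hash everything under the directories the dropper writes to.
SWEEP_DIRS = ("Users/Shared", "Library/LaunchDaemons", "tmp")


def sha1_file(path: Path, chunk: int = 1 << 20) -> str:
    h = hashlib.sha1()
    with path.open("rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def sweep(root: Path, paths: Iterable[str] = ZURU_PATHS,
          hashes: Set[str] = ZURU_SHA1,
          dirs: Iterable[str] = SWEEP_DIRS) -> Dict[str, List]:
    """Return {'paths': [relative path, ...], 'hashes': [(relative path, sha1), ...]}."""
    findings: Dict[str, List] = {"paths": [], "hashes": []}
    for rel in paths:
        if (root / rel).exists():
            findings["paths"].append(rel)
    for d in dirs:
        base = root / d
        if not base.is_dir():
            continue
        for f in base.rglob("*"):                   # pathlib globbing includes dotfiles
            if f.is_file() and not f.is_symlink():
                digest = sha1_file(f)
                if digest in hashes:
                    findings["hashes"].append((str(f.relative_to(root)), digest))
    return findings


def c2_hits(log_lines: Iterable[str], hosts: Iterable[str] = ZURU_C2_HOSTS) -> List[str]:
    """Lines (DNS, proxy, firewall) that mention a known C2 host."""
    return [line for line in log_lines if any(h in line for h in hosts)]


def build_demo(root: Path) -> Set[str]:
    """Constructed tree: one indicator path present, one renamed file matching a known hash."""
    (root / "Users/Shared").mkdir(parents=True)
    (root / "tmp").mkdir()
    (root / "Users/Shared/com.apple.xssooxxagent").write_bytes(b"constructed downloader stub")
    (root / "tmp/renamed.bin").write_bytes(b"constructed khepri stub")
    # The demo cannot reproduce the real payloads, so it matches on its own hash.
    return {hashlib.sha1(b"constructed khepri stub").hexdigest()}


def run_demo() -> Tuple[Dict[str, List], Dict[str, List]]:
    """Sweep a constructed temp tree; returns (run with demo hash, run with the real IOC list)."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        demo_hashes = build_demo(root)
        return sweep(root, hashes=demo_hashes), sweep(root)


if __name__ == "__main__":
    print(run_demo())
    # Constructed DNS log lines, not real data.
    print(c2_hits(["1715000000 host1 A download.termius.info", "1715000001 host1 A apple.com"]))
```

The path checks catch the persistence the thread describes (a LaunchDaemon plist plus its payload under /Users/Shared) even when the binaries have been modified, and the hash checks catch the known binaries even when they have been moved or renamed. Hashes and C2 hosts are point-in-time indicators for these specific samples; for ongoing coverage, pair them with the Jamf writeup linked in the thread and with a rule on any LaunchDaemon whose label starts with com.apple. but whose program lives outside the system volume.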

Today I presented at #hackbcn some practical usecases integrating language models for reverse engineering purposes with #radare2 Check out my slides at radare.org/get/r2ai-hac...

16.05.2025 19:30 | 👍 10 | 🔁 6 | 💬 0 | 📌 0
Human-Centric IT Systems

Here are the slides and presentation notes from my talk today at MacAD in Brighton. We need to do better about building human-centric IT systems that serve your business goals, and your people.

16.05.2025 10:39 | 👍 6 | 🔁 2 | 💬 0 | 📌 0

My son is so depressed. Time for him to root for the Knicks.

14.05.2025 02:15 | 👍 1 | 🔁 0 | 💬 0 | 📌 0
Unpacking PyInstaller Malware on macOS - Jamf Threat Labs discovers malware: learn how attackers are using PyInstallers to deploy infostealers.

Check out our (@txhaflaire.bsky.social ) blog post where we unpack and analyze an undetected PyInstaller sample. You'll never guess what it ended up being... www.jamf.com/blog/pyinsta...

13.05.2025 12:47 | 👍 1 | 🔁 1 | 💬 0 | 📌 0
MAF Mac Admins 10th Anniversary - Rainbow Dark by Mac Admins Foundation - Celebrate 10 years of Mac Admins with this super limited run shirt. Featuring a custom "disco ball" logo on the front and the MAC badge on the nape of the neck on the back. We hope you enjoy this "par...

New store. New merch! Come and get it #macAdmins!

Check it out: "MAF Mac Admins 10th Anniversary - Rainbow Dark" by Mac Admins Foundation on @cottonbureau.com: cottonbureau.com/p/CGM2X5/shi....

#MAF10for10 #macAdmin #Apple

07.05.2025 22:17 | 👍 5 | 🔁 3 | 💬 0 | 📌 0

Playoff hockey is the best hockey!

05.05.2025 02:41 | 👍 0 | 🔁 0 | 💬 0 | 📌 0

@golby is following 20 prominent accounts