🍎 Thank you @macsysadmin.bsky.social for having me! It was a blast as always! I'm already waiting for 2026. #msa2025 /photos by Jonas Jöreskog/

Did you see the news last week? 👀 Kandji announced Vulnerability Management to help IT and security teams identify, assess, prioritize, and remediate vulnerabilities on Mac devices - all through a unified workflow in a unified platform. Read more about it here: buff.ly/432J9E6

This week's news summary, we look briefly at the new phone before we look some beefy malware and vulnerabilities, some nice configuration profiles and updates. macadmins.news/issues/349 #Mac #MacAdmins #Apple

🍎🪳My last blog post in the storagekitd - diskarbitrationd vulnerability series, which I presented at #POC2024 and @blackhatevents.bsky.social #BHEU2024 as part of my "Apple Disk-O Party" talk, is up @kandji.bsky.social 's site: www.kandji.io/blog/macos-a...

First Apple🍎 macOS 💻 vulnerability of 2025 is submitted. 🥳 Full access to your iCloud documents...

Happy New Year! ❄️

Year In Sport 2024. Wasn't that good due to my lingering plantar fasciitis issue. But that is life, sometimes there are low moments, and coming out of those will make you stronger. Hopefully things will get better next year. ⛰️🏃

🏝️🥾🏃🌋I wrote about my hiking and trail running adventures in Maui, Hawaii, which I did right before #OBTS Enjoy! trails.exposure.co/maui-hawaii-...

🍎🪳Second part of the diskarbitrationd - storagekitd vulnerability blog series is out on @kandji.bsky.social 's blog. These vulnerabilities were presented at @blackhatevents.bsky.social #BHEU2024 and #POC2024 conferences as part of my "Apple Disk-O Party" talk. www.kandji.io/blog/macos-a...

📣I’m happy to announce that I’m planning to write a brand new “macOS Vulnerability Research” training. 🥳 Considering the amount of work the writing requires it will be available late 2025 or early 2026. It will be Live class only, and likely only once or twice a year.

☀️🏝️This is the day! Don’t miss it if you want to learn how to talk with launchd and how to generically detect XPC exploits. 🔥🔥🔥 #OBTS

Good lineup of books! www.humblebundle.com/books/hackin...

Extremely excited to be giving a talk titled "Mac, Wheres My Bootstrap" tomorrow at #OBTS with @theevilbit.bsky.social! Join us live on YouTube or in-person at 2:40pm HST / 7:40pm EST. We'll be dropping a tool you can walk away with :)

We are doing again a community run tomorrow. We will meet at the lobby, at the “Aloha” sign at 8AM, and run about 5k north on the beach and then back. #OBTS10k #OBTS

Entering last day of trainings with my colleagues from @kandji.bsky.social . There is always something new to learn in this field, and it’s great to learn directly from iOS experts @naehrdine.bsky.social and Sn0wfreeze #OBTS

@sentinelone.com is hiring - #macOS detection engineer. www.sentinelone.com/jobs/?gh_jid...

A dream came true. My first ever Sea To Summit climb, here on Maui. Climbed the 3055m high Haleakala volcano’s highest summit, Red Hill, from the ocean over 30kms. #OBTS

@vxundergroundre.bsky.social has been kind enough to host Banshee Stealer's leaked source code here. #macOS #InfoStealer #apple #malware github.com/vxundergroun...

🥾🏃⛰️ It was long time ago I last wrote about my runs or hikes. Below is a post about the trails I explored when I was in South Korea for the POC2024 conference. Enjoy! trails.exposure.co/on-the-trail...

Been a while since we've seen #macOS #malware abusing osacompile rather than plain osascript, but #Amos Atomic Stealer is nothing if not adaptable. SHA1: 51ef05c84eea3dde149a5dd3ea9916a824e95afc. A reminder that it's possible (didn't say easy 😅) to reverse compiled #applescript. s1.ai/fadedead

How does the new iOS inactivity reboot work? What does it protect from? I reverse engineered the kernel extension and the secure enclave processor, where this feature is implemented. naehrdine.blogspot.com/2024/11/reve...

Paged Out! #5 is out – enjoy! pagedout.institute And if you like the cover, we have wallpapers!

I was featured in PagedOut Issue #5 with my macOS notification forensics article (page 25). I find the whole idea of this magazine pretty cool. Lot's of interesting stuff in there!

Excellent stuff even though i’m not really a phone guy. Love the reversing and the detailed explanation of the process. 👏 👏 naehrdine.blogspot.com/2024/11/reve...

@theevilbit.bsky.social 's Apple Disk-O Party powerofcommunity.net/poc2024/Csab...

#Apple added three new rules for XCSSET - a #malware we’ve not seen since 2021 - to #XProtect this week as DubRobber F, G & H in v5282. Curious, to say the least.

Bunch of new Amos/Atomic #macOS #infostealers if you pivot off ```behaviour_processes:"sh -c curl -s https[:]//api.ipify[.]org/?format=text" tag:macho``` Low detections on V(h/t x.com/malwrhuntert...) #malware #apple #cybersecurity

Apple M4 devices can't virtualize macOS versions prior to 13.4. Hopefully this will get fixed. More info here: developer.apple.com/forums/threa...

Last week, we released new research about new Mac #malware with TTPs consistent with suspected DPRK #APT BlueNoroff. s1.ai/BNThief. This week, friends-of-NK say we’re shills for US gov. 😂 easternherald.com/2024/11/10/s... Hate to break it to ‘em, but that ain’t how we roll. 😆

Looks like there is an issue running Monterey VMs on M4 devices. I tried both UTM and VirtualBuddy, and UTM have an open issue on this: github.com/utmapp/UTM/i...

Finder hangs (with the beachball) for a few seconds every time I delete an app. This happens even on a brand new Mac. Anyone knows why is that and how to fix it (if possible)?

Last week we made our first Open Source release of Santa version 2024.10 github.com/northpolesec... Highlights: 1. Streamlined UI with silencing options and added a button to copy relevant data to the clipboard to help users report issues / blocks to security

🍎🐛🎙️Following my #poc2024 talk we are releasing a blogpost series at Kandji, detailing the vulnerabilities of diskarbitrationd and storagekitd I discussed in my "Apple Disk-O Party" talk. First part is out, and covers CVE-2024-44175. www.kandji.io/blog/macos-a...

Thank you POC for having me! It was an awesome conference! #poc2024

🍎Another awesome blogpost from my colleagues Chris and Adam about a recently discovered macOS malware. 🎉 www.kandji.io/blog/fake-cl...

Proud of my colleagues who have driven the work on this - we just launched a huge amount of security material for PCC (Private Cloud Compute), including a new security guide, Virtual Research Environment, and source code https://security.apple.com/blog/pcc-security-research/

As always, Hacktivity Conference in Budapest was a blast! Great talks, and was good to see old friends and meet new people. See you in 2025! /photos by Dávid Tóth - thanks! 🙏/

👏 Kudos to the Apple engineers who worked on my storagekitd - diskarbitrationd vuln patches. The patch: ⭕️ had to be applied across multiple components ⭕️ had to account for multiple vulns, where the patches could have messed up each other ⭕️ involved a very complex process flaw

🍎🗒️ New macOS persistence blog post. 🎉 ➡️ Persist through the NVRAM - The 'apple-trusted-trampoline' Meet the rc.trampoline launchd 🚀 boot task. theevilbit.github.io/beyond/beyon...

I pushed a massive update to @axelexic 's CSOps project, doing bug fixes and adding new functionality. I plan to add even more stuff later. If you want to play with the csops system call on macOS, this is the tool 👇 github.com/axelexic/CSOps

🆕🍎 My new blogpost at Kandji about how Apple attempts to mitigate some installer script vulnerabilities using "Install Script Actions" and "Install Script Mutations" in the PackageKit framework. blog.kandji.io/apple-mitiga...