You know how ppl say you can't decompile run-only #AppleScript ... 😜 #macOS #security

One of the coolest new things in Binary Ninja 5.1? Pseudo Objective‑C. Huge shoutout to Mark, who actually wrote this before joining the team (talk about an overkill job application). If you’re digging into iOS, Swift, or kernelcaches, this one’s a game‑changer.

Hot on the heels of the researched published by @huntress.com, hunting for Zoom-themed lures from DPRK's #BlueNoroff 💥Learn hunting techniques 💥Leverage new Validin features and data 💥Full, unredacted indicator list (domains, IPs, hashes) www.validin.com/blog/zooming...

excited bc today @huntress.com is releasing our analysis of a gnarly intrusion into a web3 company by the DPRK's BlueNoroff!! 🤠 we've observed 8 new pieces of macOS malware from implants to infostealers! and they're actually good (for once)! www.huntress.com/blog/inside-...

Been busy this week digging in to a BlueNoroff attack.

Sadly no new ES events for macOS 26. There are a few nice event property updates and additions to the process structure though :)

Some good takeaways from @huntress.com’s recent Tradecraft Tuesday ft. Patrick Wardle: -The impact of Apple bringing TCC events to Endpoint Security -#Mac malware persistence techniques vs BTM -Security alert inundation for #macOS users Catch up here⤵️ www.huntress.com/blog/say-hel...

You asked, we delivered: Binary Ninja 5.0 brings major iOS reversing upgrades! DYLD Shared Cache is now a first-class feature, with up to 18x faster performance and way smarter analysis across the board. binary.ninja/2025/04/23/5...

finally got around to rewriting the copy as yara binja plugin! 🥰 has a few quality of life improvements (new formats) and address wildcarding is fixed for ARM! (sorry bout that mac homies) ❤️ it's also now available in the plugin repository! 🔥 github.com/ald3ns/copy-...

✅Are you well versed in Linux? ✅Do you understand Linux internals and eBPF? ✅ Do you like building out POCs? ✅Do you understand cyber threats and forensic artifacts? 💥Become a Principal Linux Researcher at @huntress.com Apply here: 👉 job-boards.greenhouse.io/huntress/job...

Finally! 🥳 objective-see.org/blog/blog_0x...

s1.ai/readup 🐚 Adware loaders are always the most complex! Props to @syrion89.bsky.social for helping me pull apart all these different bins and figuring out what they had in common and how to attribute and detect them. 🦾 #adware #malware #macOS #security @sentinelone.com @sentinellabs.bsky.social

macOS Malware Knowledge Base: I've been putting together a KB of sorts of macOS malware research. So next time you are writing about some malware family, you can just visit here and see all technical articles written about any particular family. Still a WIP. notes.crashsecurity.io/notes/b/06C7...

Trying to attribute DPRK cryptoheist activity? Here’s a quick pocket attribution guide Remember to practice your DPRK ABC(TT)s

Brilliant talk from @scott.hanselman.com on the realities on LLMs. The temperature demo is such a good way to explain the "magic" behind text generation. www.youtube.com/watch?v=kYUi...

Found these likely #Lazarus / #TraderTraitor domains w/ #Validin getcoinprice[.]info stocksindex[.]org wfinance[.]org stockinfo[.]io Read my how-to on leveraging Validin's exceptional visibility, history, and pivoting features for C2 infrastructure forensics: www.validin.com/blog/bybit_h...

For all my math peeps out there: 2025 is pretty amazing mathematical arrangement. 1. 2025 is a perfect square (45×45=2025) 2. 2025 is the sum of digits of cubes from 1 to 9 (1³ + 2³ + 3³ + ... + 9³ = 2025) 3. 2025 is the first square year after 1936 (Cont…)

Entering EOY PTO in the throes of a sleep regression is like taking a gulp of water after a run and realizing it’s tonic.

Our talk from @objective-see.bsky.social is now available online. Check out @re.wtf and I yap about macOS infostealers. www.youtube.com/watch?v=Hv6A...

📣I’m happy to announce that I’m planning to write a brand new “macOS Vulnerability Research” training. 🥳 Considering the amount of work the writing requires it will be available late 2025 or early 2026. It will be Live class only, and likely only once or twice a year.

I'm having #OBTS FOMO, so I decided to go ahead and make my own Apple security starter pack! I'm definitely missing folks on here, so feel free to DM me about anyone else who should be added! 🍎 go.bsky.app/gE3xQq

#OBTS has wrapped. Next year has so much on deck 👀 - TAOMM v2 book @patrickwardle - MacOS Threat Hunting book @jbradley89 - MacOS Vuln Training @theevilbit.bsky.social - OFTW v3 @objective_see - WeTalks v1 @x71n3 - OBTS v8 in Ibiza Awesome stuff coming from the macOS security space 🙌

Shout-out to the incredible Huntress crew for the special T-shirt 🏝️ and a killer #OBTS presentation by @stuartjash.bsky.social and @re.wtf!

Catch @greg-l.bsky.social and I talking about Mach-O binary similarity methods, YARA-X, and all the cool APT malware we pulled apart at #OBTS v7 today at 11:50am HST 🌺

Yesterday I got to present with the 🐐 @re.wtf. Such a blast talking thru infostealers and the telenovela that they’ve become. #OBTS really is the best, chillest conference out there. Excited for a second day of talks 🤓🍎

Good lineup of books! www.humblebundle.com/books/hackin...

@re.wtf 🐐 @stuartjash.bsky.social 🐐

Extremely excited to be giving a talk titled "Mac, Wheres My Bootstrap" tomorrow at #OBTS with @theevilbit.bsky.social! Join us live on YouTube or in-person at 2:40pm HST / 7:40pm EST. We'll be dropping a tool you can walk away with :)

@sentinelone.com is hiring - #macOS detection engineer. www.sentinelone.com/jobs/?gh_jid...

A few files in my macOS notes got updated, especially XProtect to reflect some its newer changes in macOS Sequoia. notes.crashsecurity.io/notes

Don't Panic! The answer: version 4.2 of Binary Ninja, is now available. Check out the release blog post which shows: - New PseudoC/Python/Rust decompilation - DLYD Shared Cache Support - WARP Signature System And many other impactful features. https://binary.ninja/2024/11/20/4.2-frogstar.html