
Phil Stokes

Phil Stokes is a Research Engineer at SentinelOne, specializing in macOS threat intelligence, platform vulnerabilities and malware analysis. He began his journey into macOS security as a software developer, creating end user troubleshooting and security tools just at the time when macOS adware and commodity malware first began appearing on the platform. Phil has been closely following the development of macOS threats as well as researching Mac software and OS vulnerabilities since 2014.
labs

The Good, the Bad and the Ugly in Cybersecurity – Week 4

Phil Stokes / January 22, 2021

Biden injects money & expertise into U.S. cybersecurity, scammers leave stolen enterprise creds in plain sight, and adult website leaks 2m users' details.

labs
Security Research

FADE DEAD | Adventures in Reversing Malicious Run-Only AppleScripts

Phil Stokes / January 11, 2021

We show how to statically reverse run-only AppleScripts for the first time, and in the process reveal new IoCs of a long-running macOS Cryptominer campaign.

labs

The Good, the Bad and the Ugly in Cybersecurity – Week 1

Phil Stokes / January 1, 2021

CISA offers tool to aid IR teams in wake of SolarWinds, a COVID-19 testing lab is taken out by ransomware, and education charity GetSchooled gets pwned.

labs

The Good, the Bad and the Ugly in Cybersecurity – Week 50

Phil Stokes / December 11, 2020

Facebook fingers Vietnamese company behind APT32 activity, Russian APTs exploit critical VMware bug, and COVID vaccine approval body is hit by cyberattack.

labs
Adversary

APT32 Multi-stage macOS Trojan Innovates on Crimeware Scripting Technique

Phil Stokes / December 2, 2020

Vietnamese-linked APT group OceanLotus have innovated and imitated in their latest macOS trojan, while also leaving a mysterious hard-coded calling card.

labs

The Good, the Bad and the Ugly in Cybersecurity – Week 47

Phil Stokes / November 20, 2020

Users invited to give feedback on DoH security feature, REvil hits managed web hosting provider for $500K, and video-conferencing software lets in "ghosts".

labs

What Happened to My Mac? Apple’s OCSP Apocalypse

Phil Stokes / November 16, 2020

Macs worldwide became unresponsive last week while attempting to launch 3rd party apps. What caused the issue and what does it mean for your Mac's security?

labs

macOS Big Sur Has Landed | 10 Essential Security Tips You Should Know

Phil Stokes / November 12, 2020

The latest iteration of Apple's macOS operating system, Big Sur, brings some big changes. Are you ready for its impact on enterprise security?

labs

The Good, the Bad and the Ugly in Cybersecurity – Week 45

Phil Stokes / November 6, 2020

Russian cops make a rare catch of prolific malware developer, Ragnar Locker goes on the rampage and leaked data threatens cannabis growers with exposure.

labs
Security Research

Resourceful macOS Malware Hides in Named Fork

Phil Stokes / November 5, 2020

Threat actors targeting macOS are deploying a new trick to hide payloads and avoid detection thanks to an old technology: the named resource fork.


SentinelLabs

In the era of interconnectivity, when markets, geographies, and jurisdictions merge in the melting pot of the digital domain, the perils of the threat ecosystem become unparalleled. Crimeware families achieve an unparalleled level of technical sophistication, APT groups are competing in fully-fledged cyber warfare, while once decentralized and scattered threat actors are forming adamant alliances, operating as elite corporate espionage teams.

©2026 SentinelOne, All Rights Reserved.