SentinelLabs Logo RGB WhitePurp
ABOUT
CONTACT
VISIT SENTINELONE.COM

Phil Stokes

Phil Stokes is a Research Engineer at SentinelOne, specializing in macOS threat intelligence, platform vulnerabilities and malware analysis. He began his journey into macOS security as a software developer, creating end user troubleshooting and security tools just at the time when macOS adware and commodity malware first began appearing on the platform. Phil has been closely following the development of macOS threats as well as researching Mac software and OS vulnerabilities since 2014.
How A New MacOS Malware Dropper Delivers VindInstaller Adware 5
labs

How a New macOS Malware Dropper Delivers VindInstaller Adware

Phil Stokes / June 29, 2020

A recently-discovered macOS malware dropper uses a new trick to deliver known malware, bypassing signature-based AV detections along the way.

Read More
9 Big Surprises For Enterprise Security Coming In MacOS Big Sur 5
labs

macOS Big Sur | 9 Big Surprises for Enterprise Security

Phil Stokes / June 24, 2020

Some big changes are coming to macOS security. We round up the most significant developments announced at WWDC 2020 that could affect enterprise security.

Read More
Blog Weekly Weekly
labs

The Good, the Bad and the Ugly in Cybersecurity – Week 24

Phil Stokes / June 12, 2020

Election 2020 security gets a boost, researchers reveal more Intel side-channel attacks, and hackers-for-hire target U.S. nonprofit and advocacy groups.

Read More
15 MacOS Power Tricks For Security Pros 4
labs

15 macOS Power Tricks for Security Pros

Phil Stokes / June 8, 2020

No matter how long you use macOS, there's always some new trick to learn, some undiscovered tool, or some better way to accomplish a routine task.

Read More
Blog Weekly LinkedIn Alt
labs

The Good, the Bad and the Ugly in Cybersecurity – Week 21

Phil Stokes / May 22, 2020

Cops take down ransomware gang targeting hospitals, Winnti hacker group takes aim at game developers and new ShinyHunters data broker emerges on the darknet.

Read More
Hackers On Macs   What Are The Must Have Apps Tools  8
labs

Hackers on Macs: Must-Have Apps & Tools

Phil Stokes / May 13, 2020

New to macOS and wondering what tools are available for security researchers and infosec practitioners? Here's our guide to some of the best tools and apps.

Read More
So How Do Macs Get Infected  4
labs

macOS Security: How Do Macs Really Get Infected?

Phil Stokes / May 6, 2020

It's not only by downloading cracked sofware that unwary Apple Mac users end up with a dose of malware. Let's explore how bad actors target macOS in the wild.

Read More
Blog Weekly Weekly
labs

The Good, the Bad and the Ugly in Cybersecurity – Week 18

Phil Stokes / May 1, 2020

Shade ransomware appears to bow out, critical vulns found in MS Teams and Sophos firewall products, and the Maze crew threaten to leak 11m credit card creds.

Read More
Blog Weekly Weekly
labs

The Good, the Bad and the Ugly in Cybersecurity – Week 15

Phil Stokes / April 10, 2020

A university transitions 22,000 to full remote in a week, a new IoT botnet kills rivals and prevents reboots, and scammers target ethical hacker wannabes.

Read More
Is SearchMine Adware Teeing Up Your Endpoints For Other Threat Actors  1
labs

Is SearchMine Adware Teeing Up Your Endpoints For Other Threat Actors?

Phil Stokes / April 1, 2020

A recent update to a notorious macOS browser hijacker exfiltrates data about the device environment and installed apps. Now what could they want that for?

Read More
Previous
1 … 11 12 13 14 15 … 20
Next

SentinelLabs

In the era of interconnectivity, when markets, geographies, and jurisdictions merge in the melting pot of the digital domain, the perils of the threat ecosystem become unparalleled. Crimeware families achieve an unparalleled level of technical sophistication, APT groups are competing in fully-fledged cyber warfare, while once decentralized and scattered threat actors are forming adamant alliances of operating as elite corporate espionage teams.

Recent Posts

  • macOS.Gaslight | Rust Backdoor Turns Prompt Injection on the Analyst, Not the Sandbox
    macOS.Gaslight | Rust Backdoor Turns Prompt Injection on the Analyst, Not the Sandbox
    June 23, 2026
  • LABScon25 Replay | Keynote: Steps to an Ecology of Cyber
    LABScon25 Replay | Keynote: Steps to an Ecology of Cyber
    June 11, 2026
  • LABScon25 Replay | Gamaredon x Turla: Unveiling a 2025 Espionage Alliance Targeting Ukraine
    LABScon25 Replay | Gamaredon x Turla: Unveiling a 2025 Espionage Alliance Targeting Ukraine
    June 2, 2026

Sign Up

Get notified when we post new content.

Thanks! Keep an eye out for new content!

  • Twitter
  • LinkedIn
©2026 SentinelOne, All Rights Reserved.