Phil Stokes is a Research Engineer at SentinelOne, specializing in macOS threat intelligence, platform vulnerabilities and malware analysis. He began his journey into macOS security as a software developer, creating end user troubleshooting and security tools just at the time when macOS adware and commodity malware first began appearing on the platform. Phil has been closely following the development of macOS threats as well as researching Mac software and OS vulnerabilities since 2014.
Apple gifts security researchers a new bug bounty program, Emotet plays on Christmas cheer and Chinese location tracker leaks data from 47 million devices.
The second half of 2019 has seen increased APT attention on macOS, while commodity malware up their game and aggressiveness to counter detection efforts
Apple's latest update to Catalina brings bug fixes, security improvements and even some new features. We take a look at what's changed in macOS 10.15.2.
AppleScript is the PowerShell of macOS but with more power and less scrutiny. Red teamers can emulate fileless attacks, build fast scripts & call Apple APIs
Google tracks APTs and warns targeted users, thousands of CVE vulnerabilities go missing and Fortinet hands potential attackers hardcoded keys to encryption
Effective social engineering is all about context. Red teamers can easily spoof trusted apps on a user's Mac with a little AppleScript magic and good timing
Tech giants join forces to improve safety of reusable code, Lizard Squad return with DDoS botnet attack & Windows Defender is defeated by a simple bypass.
Vulnerabilities and exploits discovered by researchers are rarely used in the wild by macOS threat actors, who have found other, easier ways to the same end.
Researchers invest huge amounts of effort to uncover privilege escalations and develop exploits. What can we learn about macOS security from their work?
