Phil Stokes, Author at SentinelOne

macOS Security Updates Part 1 | Discovering Changes to XProtect & Friends

Phil Stokes / January 6, 2020

Threat hunting on macOS also means keeping up with Apple security updates. This post begins a series on how to parse these updates to discover new threats.

labs

The Good, the Bad and the Ugly in Cybersecurity – Week 51

Phil Stokes / December 20, 2019

Apple gifts security researchers a new bug bounty program, Emotet plays on Christmas cheer and Chinese location tracker leaks data from 47 million devices.

labs

MacOS Malware Outbreaks 2019 | The Second 6 Months

Phil Stokes / December 18, 2019

The second half of 2019 has seen increased APT attention on macOS, while commodity malware up their game and aggressiveness to counter detection efforts

MacOS Update Whats New With Catalina 10.15.2 5

labs

macOS Catalina 10.15.2 Update: What’s New

Phil Stokes / December 12, 2019

Apple's latest update to Catalina brings bug fixes, security improvements and even some new features. We take a look at what's changed in macOS 10.15.2.

labs

macOS Red Team: Calling Apple APIs Without Building Binaries

Phil Stokes / December 5, 2019

AppleScript is the PowerShell of macOS but with more power and less scrutiny. Red teamers can emulate fileless attacks, build fast scripts & call Apple APIs

labs

The Good, the Bad and the Ugly in Cybersecurity – Week 48

Phil Stokes / November 29, 2019

Google tracks APTs and warns targeted users, thousands of CVE vulnerabilities go missing and Fortinet hands potential attackers hardcoded keys to encryption

labs

macOS Red Team: Spoofing Privileged Helpers (and Others) to Gain Root

Phil Stokes / November 25, 2019

Effective social engineering is all about context. Red teamers can easily spoof trusted apps on a user's Mac with a little AppleScript magic and good timing

labs

The Good, the Bad and the Ugly in Cybersecurity – Week 46

Phil Stokes / November 15, 2019

Tech giants join forces to improve safety of reusable code, Lizard Squad return with DDoS botnet attack & Windows Defender is defeated by a simple bypass.

labs

Privilege Escalation | macOS Malware & The Path to Root Part 2

Phil Stokes / November 13, 2019

Vulnerabilities and exploits discovered by researchers are rarely used in the wild by macOS threat actors, who have found other, easier ways to the same end.

Privilege Escalation MacOS Malware The Path To Root Part 1 1

labs

Security Research

Privilege Escalation | macOS Malware & The Path to Root Part 1

Phil Stokes / November 6, 2019

Researchers invest huge amounts of effort to uncover privilege escalations and develop exploits. What can we learn about macOS security from their work?