Phil Stokes is a Research Engineer at SentinelOne, specializing in macOS threat intelligence, platform vulnerabilities and malware analysis. He began his journey into macOS security as a software developer, creating end user troubleshooting and security tools just at the time when macOS adware and commodity malware first began appearing on the platform. Phil has been closely following the development of macOS threats as well as researching Mac software and OS vulnerabilities since 2014.
Facebook initiates a ban on deepfakes, Mozilla rush out a patch for in-the-wild exploit and a US government-funded phone comes with preinstalled malware.
Threat hunting on macOS also means keeping up with Apple security updates. This post begins a series on how to parse these updates to discover new threats.
Apple gifts security researchers a new bug bounty program, Emotet plays on Christmas cheer and Chinese location tracker leaks data from 47 million devices.
The second half of 2019 has seen increased APT attention on macOS, while commodity malware up their game and aggressiveness to counter detection efforts
Apple's latest update to Catalina brings bug fixes, security improvements and even some new features. We take a look at what's changed in macOS 10.15.2.
AppleScript is the PowerShell of macOS but with more power and less scrutiny. Red teamers can emulate fileless attacks, build fast scripts & call Apple APIs
Google tracks APTs and warns targeted users, thousands of CVE vulnerabilities go missing and Fortinet hands potential attackers hardcoded keys to encryption
Effective social engineering is all about context. Red teamers can easily spoof trusted apps on a user's Mac with a little AppleScript magic and good timing
Tech giants join forces to improve safety of reusable code, Lizard Squad return with DDoS botnet attack & Windows Defender is defeated by a simple bypass.
Vulnerabilities and exploits discovered by researchers are rarely used in the wild by macOS threat actors, who have found other, easier ways to the same end.
