SentinelLabs Logo RGB WhitePurp
ABOUT
CONTACT
VISIT SENTINELONE.COM

Phil Stokes

Phil Stokes is a Research Engineer at SentinelOne, specializing in macOS threat intelligence, platform vulnerabilities and malware analysis. He began his journey into macOS security as a software developer, creating end user troubleshooting and security tools just at the time when macOS adware and commodity malware first began appearing on the platform. Phil has been closely following the development of macOS threats as well as researching Mac software and OS vulnerabilities since 2014.
MacOS Notarization  Security Hardening Or Security Theatre  1
labs

What is macOS Notarization? – An Easy Guide 101

Phil Stokes / September 11, 2019

Apple want developers to fight malware by adopting Notarization but what exactly is it, why is it controversial and why might it not slow down attackers?

Read More
MacOS Incident Response   Part 3  System Manipulation 1
labs
Security Research

macOS Incident Response | Part 3: System Manipulation

Phil Stokes / September 4, 2019

How can you detect system manipulations by malware, local or remote attackers on macOS? Find out in the final part of our series on macOS Incident Response.

Read More
Blog Weekly LinkedIn Alt
labs

The Good, the Bad and the Ugly in Cybersecurity – Week 35

Phil Stokes / August 30, 2019

French police take down a massive botnet, Google reveal multiple vulnerabilities in Apple's iOS and the US Gov't discloses details of an Iranian cyberattack.

Read More
MacOS Incident Response   Part 2  User Data Activity And Behavior 2
labs
Security Research

macOS Incident Response | Part 2: User Data, Activity and Behavior

Phil Stokes / August 28, 2019

What can we learn about user activity and behavior on a compromised Mac? Learn about the hidden and obfuscated data stores Apple use on the macOS platform.

Read More
MacOS Incident Response   Part 1  Collecting Device File System Data 1
labs
Security Research

macOS Incident Response | Part 1: Collecting Device, File & System Data

Phil Stokes / August 21, 2019

How should you investigate an infected Mac? Has there been lateral movement, data exfiltration, system manipulation? Learn macOS incident response here.

Read More
Blog Weekly LinkedIn Alt
labs

The Good, the Bad and the Ugly in Cybersecurity – Week 33

Phil Stokes / August 16, 2019

U.S. Cyber Command continues to fight the good fight, Tavis Ormandy reveals a critical Windows vuln and Kaspersky Labs have been exposing users to online tracking

Read More
Copy Of MALWARE HUNTING ON MACOS 1
labs

Malware Hunting on macOS | A Practical Guide

Phil Stokes / July 10, 2019

Do you want to know if your Mac is infected by malware? What should you look for and where should you look for it? Find out in this practical guide.

Read More
Rishi Deep QtnUbHeiOE0 Unsplash 1 1600x900
labs

10 macOS Malware Outbreaks from 2019

Phil Stokes / July 1, 2019

The first half of 2019 has seen at least 10 new macOS malware outbreaks. Be sure you're up to date with the latest Apple threats with our biannual review.

Read More
Everything You Wanted To Know About The Recent FireFox 0 Days 2
labs

How Two Firefox Zero Days Led to Two macOS Backdoors

Phil Stokes / June 26, 2019

An attack on Coinbase used two Firefox 0-days and two macOS backdoors. How did they do it, and how can you be sure you're protected from it? Find out here.

Read More
How Malware Persists On MacOS 1
labs

How Malware Persists on macOS

Phil Stokes / June 17, 2019

Malware, exploit kits and threat actors have many ways to persist on Apple's macOS. Find out whether your security solution has all the bases covered.

Read More
Previous
1 … 15 16 17 18 19 20
Next

SentinelLabs

In the era of interconnectivity, when markets, geographies, and jurisdictions merge in the melting pot of the digital domain, the perils of the threat ecosystem become unparalleled. Crimeware families achieve an unparalleled level of technical sophistication, APT groups are competing in fully-fledged cyber warfare, while once decentralized and scattered threat actors are forming adamant alliances of operating as elite corporate espionage teams.

Recent Posts

  • macOS.Gaslight | Rust Backdoor Turns Prompt Injection on the Analyst, Not the Sandbox
    macOS.Gaslight | Rust Backdoor Turns Prompt Injection on the Analyst, Not the Sandbox
    June 23, 2026
  • LABScon25 Replay | Keynote: Steps to an Ecology of Cyber
    LABScon25 Replay | Keynote: Steps to an Ecology of Cyber
    June 11, 2026
  • LABScon25 Replay | Gamaredon x Turla: Unveiling a 2025 Espionage Alliance Targeting Ukraine
    LABScon25 Replay | Gamaredon x Turla: Unveiling a 2025 Espionage Alliance Targeting Ukraine
    June 2, 2026

Sign Up

Get notified when we post new content.

Thanks! Keep an eye out for new content!

  • Twitter
  • LinkedIn
©2026 SentinelOne, All Rights Reserved.