
Phil Stokes

Phil Stokes is a Research Engineer at SentinelOne, specializing in macOS threat intelligence, platform vulnerabilities and malware analysis. He began his journey into macOS security as a software developer, creating end user troubleshooting and security tools just at the time when macOS adware and commodity malware first began appearing on the platform. Phil has been closely following the development of macOS threats as well as researching Mac software and OS vulnerabilities since 2014.
sentinelone

ReaderUpdate Reforged | Melting Pot of macOS Malware Adds Go to Crystal, Nim and Rust Variants

From the Front Lines | 10 minute read
labs
Security & Intelligence

Censorship as a Service | Leak Reveals Public-Private Collaboration to Monitor Chinese Cyberspace

Alex Delamotte, Aleksandar Milenkoski & Dakota Cary / February 21, 2025

Data leak reveals how a top tier cybersecurity vendor helps the PRC enforce content monitoring and manipulation of public opinion in China.

sentinelone

macOS FlexibleFerret | Further Variants of DPRK Malware Family Unearthed

From the Front Lines | 9 minute read
sentinelone

2024 macOS Malware Review | Infostealers, Backdoors, and APT Campaigns Targeting the Enterprise

From the Front Lines | 15 minute read
labs
Adversary

DPRK IT Workers | A Network of Active Front Companies and Their Links to China

Tom Hegel & Dakota Cary / November 21, 2024

SentinelLABS has identified multiple deceptive websites linked to businesses in China fronting for North Korea's fake IT workers scheme.

labs
Advanced Persistent Threat

BlueNoroff Hidden Risk | Threat Actor Targets Macs with Fake Crypto News and Novel Persistence

Raffaele Sabato, Phil Stokes & Tom Hegel / November 7, 2024

SentinelLABS has observed a suspected DPRK threat actor targeting Crypto-related businesses with novel multi-stage malware.

sentinelone

macOS NotLockBit | Evolving Ransomware Samples Suggest a Threat Actor Sharpening Its Tools

From the Front Lines | 8 minute read
sentinelone

macOS Sequoia | What’s New in Privacy and Security for Enterprise?

macOS | 9 minute read
sentinelone

From Amos to Poseidon | A SOC Team’s Guide to Detecting macOS Atomic Stealers 2024

From the Front Lines | 11 minute read
labs
Security Research

Exploring the VirusTotal Dataset | An Analyst’s Guide to Effective Threat Research

Aleksandar Milenkoski & Jose Luis Sánchez Martínez (VirusTotal) / August 29, 2024

We teamed up with VirusTotal to take a deep dive into the platform's extensive query capabilities through both the web and API interfaces.

