Phil Stokes, Author at SentinelOne

11 Ways To Tweak Radare2 For Faster And Easier MacOS Malware Analysis 3

Phil Stokes / October 31, 2023

Simplifying radare2 for macOS malware research, these tips and tricks will help to improve workflow and supercharge productivity.

labs

macOS Malware 2023 | A Deep Dive into Emerging Trends and Evolving Techniques

Phil Stokes / October 16, 2023

Apple’s security measures are evolving, but macOS malware is still one step ahead. Learn how to keep the Macs in your fleet safe from attackers.

labs

Sonoma in the Spotlight | What’s New and What’s Missing in macOS 14

Phil Stokes / September 27, 2023

Explore macOS 14 Sonoma. Learn what's new and what Apple might have overlooked in the latest release of its desktop operating system.

Bloated Binaries How To Detect And Analyze Multi Megabyte MacOS Malware 8

labs

Security Research

Bloated Binaries | How to Detect and Analyze Large macOS Malware Files

Phil Stokes / August 29, 2023

Massive malware binaries are becoming more common on macOS and can cause problems for detection and analysis. Here's how we can successfully deal with them.

New MacOS XLoader Variant Masquerades As Signed OfficeNote App By Dinesh Devadoss And Phil Stokes 7

labs

XLoader’s Latest Trick | New macOS Variant Disguised as Signed OfficeNote App

Dinesh Devadoss & Phil Stokes / August 21, 2023

Notorious botnet and infostealer XLoader makes a return to macOS with a new dropper and malware payload.

3 Hidden Facts About MacOS Security Every Security Team Should Know 8

labs

Mac Admins | Why Apple’s Silent Approach to Endpoint Security Should be a Wake-Up Call

Phil Stokes / August 2, 2023

There's a lot of security-related events quietly going on under the hood of macOS that could indicate a compromise, but your security team may never know.

labs

Apple Crimeware | Massive Rust Infostealer Campaign Aiming for macOS Sonoma Ahead of Public Release

Phil Stokes / July 25, 2023

Crimeware actors have launched an extensive campaign to target macOS users with malware disguised in multiple fake blockchain games.

labs

BlueNoroff | How DPRK’s macOS RustBucket Seeks to Evade Analysis and Detection

Phil Stokes / July 5, 2023

Threat actors are using increasingly sophisticated forms of evasion and anti-analysis as they respond to increased attention to macOS security in the enterprise.

labs

JokerSpy | Unknown Adversary Targeting Organizations with Multi-Stage macOS Malware

Phil Stokes / June 28, 2023

JokerSpy appears to be part of a larger campaign that is likely targeting more organizations than currently known. Learn how to detect it and stay protected.

Automating String Decryption And Other Reverse Engineering Tasks In Radare2 With R2pipe By Phil Stokes 1

labs

Security Research

Automating String Decryption and Other Reverse Engineering Tasks in radare2 With r2pipe

Phil Stokes / June 21, 2023

Learn how to drive radare2 with r2pipe for automated binary analysis, string decryption and other common reversing tasks.

Phil Stokes

11 Ways to Tweak radare2 for Faster and Easier macOS Malware Analysis

macOS Malware 2023 | A Deep Dive into Emerging Trends and Evolving Techniques

Sonoma in the Spotlight | What’s New and What’s Missing in macOS 14

Bloated Binaries | How to Detect and Analyze Large macOS Malware Files

XLoader’s Latest Trick | New macOS Variant Disguised as Signed OfficeNote App

Mac Admins | Why Apple’s Silent Approach to Endpoint Security Should be a Wake-Up Call

Apple Crimeware | Massive Rust Infostealer Campaign Aiming for macOS Sonoma Ahead of Public Release

BlueNoroff | How DPRK’s macOS RustBucket Seeks to Evade Analysis and Detection

JokerSpy | Unknown Adversary Targeting Organizations with Multi-Stage macOS Malware

Automating String Decryption and Other Reverse Engineering Tasks in radare2 With r2pipe