Phil Stokes, Author at SentinelOne

Bloated Binaries How To Detect And Analyze Multi Megabyte MacOS Malware 8

Phil Stokes / August 29, 2023

Massive malware binaries are becoming more common on macOS and can cause problems for detection and analysis. Here's how we can successfully deal with them.

New MacOS XLoader Variant Masquerades As Signed OfficeNote App By Dinesh Devadoss And Phil Stokes 7

labs

XLoader’s Latest Trick | New macOS Variant Disguised as Signed OfficeNote App

Dinesh Devadoss & Phil Stokes / August 21, 2023

Notorious botnet and infostealer XLoader makes a return to macOS with a new dropper and malware payload.

3 Hidden Facts About MacOS Security Every Security Team Should Know 8

labs

Mac Admins | Why Apple’s Silent Approach to Endpoint Security Should be a Wake-Up Call

Phil Stokes / August 2, 2023

There's a lot of security-related events quietly going on under the hood of macOS that could indicate a compromise, but your security team may never know.

labs

Apple Crimeware | Massive Rust Infostealer Campaign Aiming for macOS Sonoma Ahead of Public Release

Phil Stokes / July 25, 2023

Crimeware actors have launched an extensive campaign to target macOS users with malware disguised in multiple fake blockchain games.

labs

BlueNoroff | How DPRK’s macOS RustBucket Seeks to Evade Analysis and Detection

Phil Stokes / July 5, 2023

Threat actors are using increasingly sophisticated forms of evasion and anti-analysis as they respond to increased attention to macOS security in the enterprise.

labs

JokerSpy | Unknown Adversary Targeting Organizations with Multi-Stage macOS Malware

Phil Stokes / June 28, 2023

JokerSpy appears to be part of a larger campaign that is likely targeting more organizations than currently known. Learn how to detect it and stay protected.

Automating String Decryption And Other Reverse Engineering Tasks In Radare2 With R2pipe By Phil Stokes 1

labs

Security Research

Automating String Decryption and Other Reverse Engineering Tasks in radare2 With r2pipe

Phil Stokes / June 21, 2023

Learn how to drive radare2 with r2pipe for automated binary analysis, string decryption and other common reversing tasks.

labs

macOS 14 Sonoma | Toughening up macOS for the Enterprise?

Phil Stokes / June 8, 2023

What's new in the latest macOS upgrade? Take a tour around some of the enhancements as Apple looks to make macOS better suited for the workplace.

Radare2 Power Ups Delivering Faster MacOS Malware Analysis With R2 Customization 5

labs

Security Research

Radare2 Power Ups | Delivering Faster macOS Malware Analysis With r2 Customization

Phil Stokes / May 31, 2023

Learn how to customize radare2 with user-defined aliases, macros and functions for faster and easier binary diffing and analysis.

labs

Geacon Brings Cobalt Strike Capabilities to macOS Threat Actors

Phil Stokes & Dinesh Devadoss / May 15, 2023

An uptick in malicious macOS payloads contain Cobalt Strike Beacons written in Go and derived from a Chinese open-source repository.

Phil Stokes

Bloated Binaries | How to Detect and Analyze Large macOS Malware Files

XLoader’s Latest Trick | New macOS Variant Disguised as Signed OfficeNote App

Mac Admins | Why Apple’s Silent Approach to Endpoint Security Should be a Wake-Up Call

Apple Crimeware | Massive Rust Infostealer Campaign Aiming for macOS Sonoma Ahead of Public Release

BlueNoroff | How DPRK’s macOS RustBucket Seeks to Evade Analysis and Detection

JokerSpy | Unknown Adversary Targeting Organizations with Multi-Stage macOS Malware

Automating String Decryption and Other Reverse Engineering Tasks in radare2 With r2pipe

macOS 14 Sonoma | Toughening up macOS for the Enterprise?

Radare2 Power Ups | Delivering Faster macOS Malware Analysis With r2 Customization

Geacon Brings Cobalt Strike Capabilities to macOS Threat Actors