Phil Stokes, Author at SentinelOne | Page 8 of 19

ABOUT

VISIT SENTINELONE.COM

Phil Stokes

Phil Stokes is a Research Engineer at SentinelOne, specializing in macOS threat intelligence, platform vulnerabilities and malware analysis. He began his journey into macOS security as a software developer, creating end user troubleshooting and security tools just at the time when macOS adware and commodity malware first began appearing on the platform. Phil has been closely following the development of macOS threats as well as researching Mac software and OS vulnerabilities since 2014.

The Good, the Bad and the Ugly in Cybersecurity – Week 37

The Good, the Bad and the Ugly | 5 minute read

6 Pro Tricks For Rapid MacOS Malware Triage With Radare2 7

Security Research

6 Pro Tricks for Rapid macOS Malware Triage with Radare2

Phil Stokes / August 30, 2021

Learn more about reversing real-world macOS malware in this new series for intermediate to advanced analysts, starting with these r2 tips!

The Good, the Bad and the Ugly in Cybersecurity – Week 35

The Good, the Bad and the Ugly | 5 minute read

The Good, the Bad and the Ugly in Cybersecurity – Week 33

The Good, the Bad and the Ugly | 5 minute read

Massive New AdLoad Campaign Goes Entirely Undetected By Apples XProtect 5

Security Research

Massive New AdLoad Campaign Goes Entirely Undetected By Apple’s XProtect

Phil Stokes / August 11, 2021

Learn how to detect the latest variant of this widespread adware and browser hijacker, its infection pattern and indicators of compromise.

Detecting XLoader | A macOS ‘Malware-as-a-Service’ Info Stealer and Keylogger

macOS | 8 minute read

The Good, the Bad and the Ugly in Cybersecurity – Week 30

The Good, the Bad and the Ugly | 5 minute read

The Good, the Bad and the Ugly in Cybersecurity – Week 27

The Good, the Bad and the Ugly | 4 minute read

Bypassing MacOS TCC User Privacy Protections By Accident And Design 8

Security Research

Bypassing macOS TCC User Privacy Protections By Accident and Design

Phil Stokes / July 1, 2021

TCC is meant to protect user data from unauthorized access, but design flaws mean users and malware can bypass TCC, even by accident.

macOS Monterey and Security: Things To Know About

macOS | 17 minute read

1 … 6 7 8 9 10 … 19

Next

SentinelLabs

In the era of interconnectivity, when markets, geographies, and jurisdictions merge in the melting pot of the digital domain, the perils of the threat ecosystem become unparalleled. Crimeware families achieve an unparalleled level of technical sophistication, APT groups are competing in fully-fledged cyber warfare, while once decentralized and scattered threat actors are forming adamant alliances of operating as elite corporate espionage teams.

Recent Posts

LLMs & Ransomware | An Operational Accelerator, Not a Revolution
December 15, 2025
Malicious Apprentice | How Two Hackers Went From Cisco Academy to Cisco CVEs
December 10, 2025
LABScon25 Replay | Simulation Meets Reality: How China’s Cyber Ranges Fuel Cyber Operations
November 25, 2025

Sign Up

Get notified when we post new content.

Thanks! Keep an eye out for new content!

Twitter
LinkedIn

©2025 SentinelOne, All Rights Reserved.