
Phil Stokes

Phil Stokes is a Research Engineer at SentinelOne, specializing in macOS threat intelligence, platform vulnerabilities and malware analysis. He began his journey into macOS security as a software developer, creating end user troubleshooting and security tools just at the time when macOS adware and commodity malware first began appearing on the platform. Phil has been closely following the development of macOS threats as well as researching Mac software and OS vulnerabilities since 2014.

The Good, the Bad and the Ugly in Cybersecurity – Week 15

The Good, the Bad and the Ugly | 4 minute read

The Good, the Bad and the Ugly in Cybersecurity – Week 13

The Good, the Bad and the Ugly | 4 minute read
Security & Intelligence

New macOS Malware XcodeSpy Targets Xcode Developers with EggShell Backdoor

Phil Stokes / March 18, 2021

Targeting software developers is one route to a successful supply chain attack. Now threat actors are going after Apple developers through the Xcode IDE.


The Good, the Bad and the Ugly in Cybersecurity – Week 10

The Good, the Bad and the Ugly | 4 minute read

Silver Sparrow Malware: 5 Things You Need to Know

macOS | 7 minute read
Security Research

20 Common Tools & Techniques Used by macOS Threat Actors & Malware

Phil Stokes / February 16, 2021

Threat hunting on macOS? These are the tools malware most often leverages, with ITW examples, MITRE behavioral indicators and links to further research.


The Good, the Bad and the Ugly in Cybersecurity – Week 7

The Good, the Bad and the Ugly | 5 minute read

The Good, the Bad and the Ugly in Cybersecurity – Week 4

The Good, the Bad and the Ugly | 4 minute read
Security Research

FADE DEAD | Adventures in Reversing Malicious Run-Only AppleScripts

Phil Stokes / January 11, 2021

We show how to statically reverse run-only AppleScripts for the first time, and in the process reveal new IoCs of a long-running macOS Cryptominer campaign.


The Good, the Bad and the Ugly in Cybersecurity – Week 1

The Good, the Bad and the Ugly | 4 minute read

SentinelLabs

In the era of interconnectivity, when markets, geographies, and jurisdictions merge in the melting pot of the digital domain, the perils of the threat ecosystem become unparalleled. Crimeware families achieve an unparalleled level of technical sophistication, APT groups are competing in fully-fledged cyber warfare, while once decentralized and scattered threat actors are forming adamant alliances and operating as elite corporate espionage teams.
