🛠 🍎 👾 Objective-See'ing & DoubleYou'ing

Joined October 2013
937 Photos and videos
Pinned Tweet
Stoked for the next (ad)venture: "DoubleYou" techcrunch.com/2024/04/25/ex… Cofounded w/ long-time friend @hexlogic, we're empowering those building security tools for Apple devices 🍎🛡️ And by bootstrapping this venture, our core value of democratizing security remains our focus!
21
32
182
42,461
Didn't realize @HexRaysSA's IDA has a config to decrypt Apple-protected binaries - neat! Even better, Hopper does it automatically 🙌🏼 btw 🔑 is : "ourhardworkbythesewordsguardedpleasedontsteal(c)AppleComputerInc" @ninja_binary, this would be a great feature to add 🍎🔓
5
31
334
22,755
However, both IDA and Hopper don't get it quite right 👀 ...and so malware that leverages this can remain partially encrypted in the disassembler 😫 Had to explain the reason to AI 🤖😅
2
1
13
2,595
Lineup for the next (free!) Objective for the We #OFTW is 🔥 📍 Berlin 🗓️ July 30–31, 2026 Join us! 🤩 Only ~2 weeks left to apply: objective-see.org/oftw/v4.ht…
Replying to @objective_see
🍎🐛🔬🛡️👩🏼‍💻👨🏻‍💻😍
7
22
3,920
Fable: "a short, fictional story intended to teach a moral lesson." Maybe the moral? Don't wholly trust Claude Fable (or AI in general) just yet. 🤔😂
1
10
1,832
Patrick Wardle retweeted
I think the scope may be a bit narrower here: the events seem to fire only when the parent/descendant chain are the instigators, not when they’re merely the targets. I just tested this on macOS 27 and that appears to match the behavior. gist.github.com/teodorsoresc…
2
2
1,812
<insert happy noises> 🤩 Looking forward to seeing y'all at @defcon!! 😍
1
2
80
3,452
Neat bug and solid payout! 🙌🏼 And much better than their previous approach, which involved calling your boss and threatening to involve the FBI ...true story! 🫣🤦🏻‍♂️ forbes.com/sites/thomasbrews…
A very cool vuln chain found by @prebenve leading to exposed secrets, GitHub tokens, and 507 private repositories of Meta which got them a #bugbounty of $157k sectricity.com/blog/misconfi…
2
13
2,433
Patrick Wardle retweeted
The SEP plugin now supports iOS 27. You can try it with a decrypted SEP sep-firmware.d38.RELEASE.im4p fc4c4c25e2720a3ef8c424abb30919a1bdbcdcf50bb92d16b9292704085b5338340e717c957585ff62654ec4e12ce2d0
Added a triage view for the SEP plugin
1
7
47
6,057
Patrick Wardle retweeted
If you are experiencing this, it is probably related to this known issue: “Devices configured with Reduced Security … might also be prevented from allowing kernel extensions or disabling System Integrity Protection.” See workaround there. developer.apple.com/document…
Can we no longer disable SIP in MacOS 27, or what is going on here?
1
3
7
3,407
Patrick Wardle retweeted
ℹ️ BlockBlock v2.5.0 adds a new feature that can alert you whenever a downloaded script is about to execute. Designed to complement "Notarization" Mode, it provides an additional layer of protection against potentially unsafe content before it runs. 🛡️ objective-see.org/products/b…
5
21
1,604
yasss, this is delightful 🤩 Handling ES deadlines has always been complex(ish) (e.g. don't forget to use a mach_timebase_info when converting "mach time" to nanoseconds on Apple Silicon!) 😵‍💫 ...and if you got it wrong (and missed a deadline) the kernel would just kill you! ☠️
Neat addition to EndpointSecurity with deadline manipulation in the macOS 27 beta
1
3
19
3,369
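The timebase pitfall from the reply above, as an added example that is not code from the original thread, from Apple, or from Objective-See: a small stand-in for mach_timebase_info() with constructed timebase values (1/1 for Intel, 125/3 as commonly reported on Apple Silicon; both are assumptions here, not values queried from a kernel) so the arithmetic runs off-macOS, showing the naive conversion beside the correct one and a deadline-budget helper an ES client would use.

```c
#include <stdint.h>

/* Stand-in for mach_timebase_info_data_t so this compiles and runs off macOS. */
typedef struct { uint32_t numer; uint32_t denom; } timebase_t;

/* Constructed sample timebases (assumption, not queried from a real kernel):
   Intel Macs report 1/1, so mach ticks are already nanoseconds;
   Apple Silicon commonly reports 125/3 (a 24 MHz tick). */
static const timebase_t TB_INTEL = { 1, 1 };
static const timebase_t TB_APPLE_SILICON = { 125, 3 };

/* The bug the reply warns about: treating mach ticks as nanoseconds.
   Correct by accident on Intel, off by a factor of 125/3 on Apple Silicon. */
uint64_t naive_ticks_to_ns(uint64_t ticks) { return ticks; }

/* Correct conversion; a 128-bit intermediate keeps ticks * numer from overflowing. */
uint64_t ticks_to_ns(uint64_t ticks, timebase_t tb) {
    if (tb.numer == tb.denom) return ticks;
    return (uint64_t)(((__uint128_t)ticks * tb.numer) / tb.denom);
}

/* Inverse, for turning a nanosecond budget back into a mach-time deadline. */
uint64_t ns_to_ticks(uint64_t ns, timebase_t tb) {
    if (tb.numer == tb.denom) return ns;
    return (uint64_t)(((__uint128_t)ns * tb.denom) / tb.numer);
}

/* Nanoseconds an ES client still has before the kernel-enforced deadline,
   minus a safety margin it keeps for sending its response. Returns 0 when
   the budget is already gone, i.e. the client must respond immediately. */
uint64_t deadline_budget_ns(uint64_t deadline_ticks, uint64_t now_ticks,
                            timebase_t tb, uint64_t margin_ns) {
    if (deadline_ticks <= now_ticks) return 0;
    uint64_t left = ticks_to_ns(deadline_ticks - now_ticks, tb);
    return left > margin_ns ? left - margin_ns : 0;
}
```

On a real macOS client the timebase comes from mach_timebase_info() and the tick values from mach_absolute_time() and the message's deadline field; the arithmetic is unchanged.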
I mean, @Apple always just straight up asks for advance copies of slides ...under the guise "to provide researchers with feedback"?! 😂 Still better than the time they showed up in person and asked me to pull a talk 🙄😂
MSRC couldn’t possibly do anything worse this week… oh. Oh ok.
5
10
188
33,269
Patrick Wardle retweeted
Coding assembly == CRIME @AnthropicAI @claudeai
41
65
1,185
86,763
Patrick Wardle retweeted
I just found this old macOS EDR evasion persistency office sandbox bypass technique I made like 5 years ago. Crazy to look back to how we worked security before AI. I literally:
- Found a similar article mentioning this persistency by the o.g. @patrickwardle in python, but no poc was published and my target environment had blocked python
- DM'd the guy, picked his brain
- Spent something like an entire day getting 4 lines of code to work (javascript->objective c bridge, such a mess of a syntax)
I bet today this would've been possible to generate within a single prompt if it was properly baked. Anyway I open-sourced it github.com/forefy/JXA-Persis…
2
2
17
2,057
RT @MarceloRivero: Fake LumaNotch macOS app = #NovaStealer (#MioLab) 🧐 🎭 site = near 1:1 clone of dynamichorizon[.]app 🧾 #ClickFix shows a…
11
New macOS Backdoor "FlutterShell" 🍎🐛 Discovered & analyzed by @PaloAltoNtwks @Unit42_Intel 🙌🏼 "weaponizes AI summarization features for data exfiltration by routing documents through an attacker-controlled server before processing them " 👀🔥 unit42.paloaltonetworks.com/…
15
49
5,589