My slides are up at:

theevilbit.github.io/talks/

🍎 Thank you @macsysadmin.bsky.social for having me! It was a blast as always! I'm already waiting for 2026. #msa2025

/photos by Jonas Jöreskog/

Vulnerability Management: First Unified Platform to Detect & Remediate on Mac Kandji announces Kandji Vulnerability Management, which helps IT and security teams identify and remediate vulnerabilities through a unified workflow.

Did you see the news last week? 👀

Kandji announced Vulnerability Management to help IT and security teams identify, assess, prioritize, and remediate vulnerabilities on Mac devices - all through a unified workflow in a unified platform.

Read more about it here: buff.ly/432J9E6

#349 new iPhone: it's a 16e

This week's news summary, we look briefly at the new phone before we look some beefy malware and vulnerabilities, some nice configuration profiles and updates.

macadmins.news/issues/349

#Mac #MacAdmins #Apple

Uncovering Apple Vulnerabilities: diskarbitrationd and storagekitd Audit Part 3 Exploring CVE-2024-27848 & CVE-2024-44210: How macOS vulnerabilities in storagekitd allowed privilege escalation, how they were exploited & Apple’s patch.

🍎🪳My last blog post in the storagekitd - diskarbitrationd vulnerability series, which I presented at #POC2024 and @blackhatevents.bsky.social #BHEU2024 as part of my "Apple Disk-O Party" talk, is up @kandji.bsky.social 's site:

www.kandji.io/blog/macos-a...

First Apple🍎 macOS 💻 vulnerability of 2025 is submitted. 🥳 Full access to your iCloud documents...

Happy New Year! ❄️

Year In Sport 2024.

Wasn't that good due to my lingering plantar fasciitis issue. But that is life, sometimes there are low moments, and coming out of those will make you stronger. Hopefully things will get better next year. ⛰️🏃

Maui, Hawaii (ENG) by Csaba Fitzl on Exposure HUNGARIAN / MAGYAR

🏝️🥾🏃🌋I wrote about my hiking and trail running adventures in Maui, Hawaii, which I did right before #OBTS

Enjoy!

trails.exposure.co/maui-hawaii-...

Uncovering Apple Vulnerabilities: diskarbitrationd and storagekitd Audit Part 2 Part 2 of the audit Kandji's Threat Research team performed on the macOS diskarbitrationd & storagekitd system daemons, uncovering several vulnerabilities.

🍎🪳Second part of the diskarbitrationd - storagekitd vulnerability blog series is out on @kandji.bsky.social 's blog.

These vulnerabilities were presented at @blackhatevents.bsky.social #BHEU2024 and #POC2024 conferences as part of my "Apple Disk-O Party" talk.

www.kandji.io/blog/macos-a...

📣I’m happy to announce that I’m planning to write a brand new “macOS Vulnerability Research” training. 🥳

Considering the amount of work the writing requires it will be available late 2025 or early 2026. It will be Live class only, and likely only once or twice a year.

☀️🏝️This is the day! Don’t miss it if you want to learn how to talk with launchd and how to generically detect XPC exploits. 🔥🔥🔥 #OBTS

Humble Tech Book Bundle: Hacking 2024 by No Starch Level up your hacking and skills with this tech bundle from No Starch. Learn to protect yourself and others! Pay what you want & support charity!

Good lineup of books! www.humblebundle.com/books/hackin...

Extremely excited to be giving a talk titled "Mac, Wheres My Bootstrap" tomorrow at #OBTS with @theevilbit.bsky.social! Join us live on YouTube or in-person at 2:40pm HST / 7:40pm EST. We'll be dropping a tool you can walk away with :)

We are doing again a community run tomorrow. We will meet at the lobby, at the “Aloha” sign at 8AM, and run about 5k north on the beach and then back. #OBTS10k #OBTS

Entering last day of trainings with my colleagues from @kandji.bsky.social . There is always something new to learn in this field, and it’s great to learn directly from iOS experts @naehrdine.bsky.social and Sn0wfreeze #OBTS

Careers at SentinelOne Take a look at the open positions at SentinelOne. We're dedicated to defending enterprises across endpoints, containers, cloud workloads, and IoT devices in a single cybersecurity platform.

@sentinelone.com is hiring - #macOS detection engineer.

www.sentinelone.com/jobs/?gh_jid...

A dream came true. My first ever Sea To Summit climb, here on Maui. Climbed the 3055m high Haleakala volcano’s highest summit, Red Hill, from the ocean over 30kms. #OBTS

GitHub - vxunderground/MalwareSourceCode: Collection of malware source code for a variety of platforms in an array of different programming languages. Collection of malware source code for a variety of platforms in an array of different programming languages. - vxunderground/MalwareSourceCode

@vxundergroundre.bsky.social has been kind enough to host Banshee Stealer's leaked source code here. #macOS #InfoStealer #apple #malware
github.com/vxundergroun...

On the Trails of Seoul by Csaba Fitzl on Exposure Trail running story from South Korea.

🥾🏃⛰️ It was long time ago I last wrote about my runs or hikes. Below is a post about the trails I explored when I was in South Korea for the POC2024 conference. Enjoy!
trails.exposure.co/on-the-trail...

FADE DEAD | Adventures in Reversing Malicious Run-Only AppleScripts - SentinelLabs We show how to statically reverse run-only AppleScripts for the first time, and in the process reveal new IoCs of a long-running macOS Cryptominer campaign.

Been a while since we've seen #macOS #malware abusing osacompile rather than plain osascript, but #Amos Atomic Stealer is nothing if not adaptable. SHA1: 51ef05c84eea3dde149a5dd3ea9916a824e95afc.
A reminder that it's possible (didn't say easy 😅) to reverse compiled #applescript.
s1.ai/fadedead

Reverse Engineering iOS 18 Inactivity Reboot Wireless and firmware hacking, PhD life, Technology

How does the new iOS inactivity reboot work? What does it protect from?

I reverse engineered the kernel extension and the secure enclave processor, where this feature is implemented.

naehrdine.blogspot.com/2024/11/reve...

Paged Out! #5 is out – enjoy! pagedout.institute
And if you like the cover, we have wallpapers!

I was featured in PagedOut Issue #5 with my macOS notification forensics article (page 25). I find the whole idea of this magazine pretty cool. Lot's of interesting stuff in there!

Reverse Engineering iOS 18 Inactivity Reboot Wireless and firmware hacking, PhD life, Technology

Excellent stuff even though i’m not really a phone guy. Love the reversing and the detailed explanation of the process. 👏 👏
naehrdine.blogspot.com/2024/11/reve...

@theevilbit.bsky.social 's Apple Disk-O Party

powerofcommunity.net/poc2024/Csab...

#Apple added three new rules for XCSSET - a #malware we’ve not seen since 2021 - to #XProtect this week as DubRobber F, G & H in v5282. Curious, to say the least.

low detection rates on macOS Amos malware on virustotal

Bunch of new Amos/Atomic #macOS #infostealers if you pivot off ```behaviour_processes:"sh -c curl -s https[:]//api.ipify[.]org/?format=text" tag:macho```
Low detections on V(h/t x.com/malwrhuntert...) #malware #apple #cybersecurity

Apple M4 devices can't virtualize macOS versions prior to 13.4. Hopefully this will get fixed. More info here:
developer.apple.com/forums/threa...

BlueNoroff Hidden Risk | Threat Actor Targets Macs with Fake Crypto News and Novel Persistence SentinelLabs has observed a suspected DPRK threat actor targeting Crypto-related businesses with novel multi-stage malware.

Last week, we released new research about new Mac #malware with TTPs consistent with suspected DPRK #APT BlueNoroff. s1.ai/BNThief. This week, friends-of-NK say we’re shills for US gov. 😂 easternherald.com/2024/11/10/s...
Hate to break it to ‘em, but that ain’t how we roll. 😆