Objective-See's Blog

Posts

The Mac Malware of 2024

Restoring Reflective Code Loading on macOS

The Hidden Treasures of Crash Reports

Apple Gets an 'F' for Slicing Apples

Why Join The Navy If You Can Be A Pirate?

Analyzing DPRK's SpectralBlur

The Mac Malware of 2023

It's Turtles All The Way Down

The LockBit ransomware (kinda) comes for macOS

Ironing out (the macOS) details of a Smooth Operator (Part II)

Ironing out (the macOS) details of a Smooth Operator (Part I)

Where there is love, there is ...malware?

The Mac Malware of 2022

How Shlayer Hides its Configuration

SeaFlower 藏海花

From The DPRK With Love

Analyzing OSX.DazzleSpy

SysJoker, the first (macOS) malware of 2022!

The Mac Malware of 2021

Where's the Interpreter!?

OSX.CDDS (MacMa): A Sophisticated Watering Hole Campaign Drops A New macOS Implant!

Made In America: Green Lambert for OS X

Analysis of CVE-2021-30860

Made in China: OSX.ZuRu

OSX.Hydromac

All Your Macs Are Belong To Us

Creating Shield

Arm'd & Dangerous

Discharging ElectroRAT

The Mac Malware of 2020

Detecting SSH Activity via Process Monitoring

Adventures in Anti-Gravity (Part II)

Adventures in Anti-Gravity (Part I)

Property List Parsing Bug(s)

FinFisher Filleted

Apple Approved Malware

Office Drama on macOS

CVE-2020-9854: "Unauthd"

CVE-2020-9934: Bypassing TCC for Unauthorized Access

Low-Level Process Hunting on macOS

OSX.EvilQuest Uncovered (part two)

OSX.EvilQuest Uncovered (part one)

Tiny SHell Under the Microscope

TCCing is Believing: Apple finally adds TCC events to Endpoint Security!

Leaking Passwords (and more!) on macOS

This Meeting Should Have Been an Email

The Dacls RAT ...now on macOS!

The 'S' in Zoom, Stands for Security

Sniffing Authentication References on macOS

Weaponizing a Lazarus Group Implant

The Mac Malware of 2019

Mass Surveillance, is an (un)Complicated Business

Lazarus Group Goes 'Fileless'

[0day] Abusing XLM Macros in SYLK Files

Pass the AppleJeus

Writing a File Monitor with Apple's Endpoint Security Framework

Writing a Process Monitor with Apple's Endpoint Security Framework

Getting Root with Benign AppStore Apps

Burned by Fire(fox) (Part III)

Burned by Fire(fox) (Part II)

Burned by Fire(fox) (Part I)

"Objective by the Sea" v2.0

Rootpipe Reborn (Part II)

Rootpipe Reborn (Part I)

Mac Adware, à la Python

Death by vmmap

Middle East Cyber-Espionage (part two)

The Mac Malware of 2018

Middle East Cyber-Espionage

Word to Your Mac

[0day] Mojave's Sandbox is Leaky

A Deceitful 'Doctor' in the Mac App Store

Remote Mac Exploitation Via Custom URL Schemes

[0day] Synthetic Reality

Escaping the Microsoft Office Sandbox

A Remote iOS Bug

[0day] Bypassing SIP via Sandboxing

Block Blocking Login Items

OSX.Dummy

Cache Me Outside

Breaking macOS Mojave (Beta)

When Disappearing Messages Don't Disappear

An Insecurity in Apple's Security Framework?

Who Moved My Pixels?!

A Surreptitious Cryptocurrency Miner in the Mac App Store?

Tearing Apart the Undetected (OSX)Coldroot RAT

Analyzing OSX/CreativeUpdater

Analyzing CrossRAT

An Unpatched Kernel Bug

Ay MaMi - Analyzing a New macOS DNS Hijacker

All Your Docs Are Belong To Us

Mac Malware of 2017

Why _blank_ Gets You Root

From the Top to the Bottom; Tracking down CVE-2017-7149

High Sierra's 'Secure Kernel Extension Loading' is Broken

WTF is Mughthesec!? poking on a piece of undetected adware

OSX/MacRansom; analyzing the latest ransomware to target macs

OSX/Proton.B; a brief analysis, 6 miles up

HandBrake Hacked! OSX/Proton (re)Appears

Two Bugs, One Func(), part three

Two Bugs, One Func(), part two

Two Bugs, One Func(), part one

Happy Birthday to Objective-See

From Italy With Love?

New Attack, Old Tricks

Mac Malware of 2016

'Untranslocating' an App

[0day] Bypassing Apple's System Integrity Protection

Forget the NSA, it's Shazam that's always listening!

Click File, App Opens

Persisting via a Finder Sync

Are you from the Mac App Store?

Towards Generic Ransomware Detection

Analysis of an Intrusive Cross-Platform Adware; OSX/Pirrit

HackingTeam Reborn; A Brief Analysis of the RCS Implant Installer

Analyzing the Anti-Analysis Logic of an Adware Installer

Monitoring Process Creation via the Kernel (Part III)

Monitoring Process Creation via the Kernel (Part II)

Monitoring Process Creation via the Kernel (Part I)

Kernel Debugging a Virtualized OS X El Capitan Image

Reversing to Engineer: Learning to 'Secure' XPC from a Patch

Building HackingTeam's OS X Implant For Fun & Profit

CVE-2015-3673: Goodbye Rootpipe...(for now?)

More on, "Adware for OS X Distributes Trojans"

Phoenix: RootPipe lives! ...even on OS X 10.10.3

Dylib Hijack Scanner Released

Website Launch