Jaron Bradley
@jbradley89
Followers: 3K | Following: 720 | Media: 49 | Statuses: 493
MacOS Intrusion Analyst, APT Smiter, Haole. Author of OS X Incident Response Scripting and Analysis. Owner of https://t.co/oApHpiRaQ0
Hilo, HI
Joined March 2014
I picked up a copy of @jbradley89’s new “Threat Hunting macOS” book at #OBTS. Opened it up to Section 12 on Passwords and immediately learned something new
In case you missed it, I dropped my new book “Threat Hunting macOS” last month. You can purchase it from my website if you’re interested! https://t.co/wOlMwj3NkU
themittenmac.com
https://youtu.be/OnIAmOz0Tjo Chapter 1 https://youtu.be/9bQCWbe2kDw Chapter 2 Now Available in the U.S. Welcome to my latest book. Threat Hunting macOS—a book that share
The printed copies of my new book have arrived and will be shipping mid October. Here is a first look! Pre-orders still available at https://t.co/BV5MX9C6Jc
Check out our blog post on “ChillyHell”. A modular backdoor for macOS that was signed and notarized by a threat actor tracked as UNC4487. https://t.co/eYFfik2h0o
jamf.com
Discover its origin, how it compromises macOS and more importantly, how the JTL detected this malicious threat to keep Jamf customers safe.
Had a great time discussing my upcoming book with @davisrichardg at @13CubedDFIR. Richard is a pleasure to talk to and a true technology wizard. Check out his trainings for macOS forensics! Books still available for pre-order at themittenmac website https://t.co/A9y7As9QK5
My next book is open for pre-orders!!! I have included the first two chapters in audiobook form for free. You can listen to them now on my website or you can listen and read the sample on Apple Books. Looking forward to getting it into your hands. https://t.co/wOlMwj4las
Santa delivered my brand new book: “The Art of Mac Malware Vol II: Detecting Malicious Software” 🍎🛡️🐛👨🏻‍💻📚🥰 Three years in the making(!) this 2nd volume in the TAOMM series covers the heuristic-based detection of macOS malware. Buy direct via @nostarch: https://t.co/M7Da6k59Vk
I’m working on a new book. Thank you to all those who told me my first book has helped them in the macOS world in some way. This book focuses on the internals necessary to build detections and perform analysis of intrusions on macOS. Any shares to help measure interest help!
Join me at 3:00ish pm HST to see some fun machO research. Lots of amazing talks before and after too!
Today is the day! #OBTS 🤩 Join us live: https://t.co/mF4MHZ98Gc
Today we released a blog post detailing how threat actors are using the Flutter Engine to build malware for macOS. This results in a very complex app architecture that is difficult to reverse. Check out the details here... https://t.co/joP4RJgL7D
jamf.com
With malicious code hidden within, the new malware with ties to DPRK, has evaded detection by notable malware checking systems that may signal a new way of attacking macOS devices.
My bug CVE-2024-44131 got patched on iOS 18.0. It’s an iOS TCC bypass bug that lets third-party apps access data stored on iCloud Drive. I’ll be sharing the technical details, along with demo screenshots of leaking (encrypted) WhatsApp backup data, on the Jamf Blog.
I finished Snake&Apple VIII, an introduction to #Apple #App #Sandbox on #macOS. Inside, you will find info about kernel extension and how Sandbox Profiles are enforced to mitigate the risks of successful macOS #malware #infection. https://t.co/7vbA0Sngwu Enjoy reading! 👨‍💻
karol-mazurek.medium.com
Introduction to the App Sandbox on macOS with Python
The FBI recently sent a warning out regarding DPRK activity against the crypto industry. Today, we documented attacks we've seen on macOS. Attacks start with social engineering and deliver a piece of malware that we call ThiefBucket. https://t.co/9QbC9OoCXn
#malware
jamf.com
FBI released a PSA set to warn those in the crypto industry that the DPRK has been targeting individuals by using clever social engineering techniques. Read more.
This was very good last year, @jbradley89 is an excellent trainer
@Helthydriver @naehrdine Jaron Bradley's (@jbradley89) training, "Threat Hunting macOS" provides an in-depth and hands experience, for those looking for a deep dive into using macOS internals to their advantage for threat hunting! 🔎🍎🖥️ More info/to sign up: https://t.co/BR0jibrZIS
Honored to speak on the makers track at #FTSCon with some of these great presenters
We have another speaker to announce in our #FTSCon lineup: Jaron Bradley (@jbradley89) will present “Grafting Trees on macOS” in the MAKER Track! For event details, see the #FTSCon event page: https://t.co/xfDn513usL You can also register here: https://t.co/8ee3K4JFus
#dfir
Some awesome Gatekeeper vulnerability research from @malwarezoo that led to the discovery of vulnerabilities in other products. Check it out on our blog when you get time.
Our latest research details a Gatekeeper bug we reported to Apple that affects Launch Services. While exploring this issue, we also found ways to bypass Gatekeeper using “The Unarchiver”, a popular archiving application on macOS. Check out our blog: https://t.co/VBNm92uJCu
TrueTree 0.8 is out. Its primary difference is that when displaying the tree, it will attempt to use other pids only if the parent process of that given process id is launchd. You also now have the ability to display only the process name with --nopath https://t.co/8wMqU282CO