Olivia Gallucci ✨
@OliviaGalluccii
Followers: 6K | Following: 3K | Media: 207 | Statuses: 1K
Security @ Datadog | MacOS Internals | #FOSS Advocate | Opinions ≠ Employer | @intelligentCTF @oghealthfitness | RIT | Prev. Apple, SECUINFRA, US Govt
Just moved to NYC!
Joined April 2020
I'm thrilled to announce I'll be starting a monthly publication: [ret]2read -- An OS Internals Newsletter! 🍎⚙️ Each month, I'll discuss something I'm working on (like designing a kernel fuzzer for macOS 👀), and how I am applying different techniques, tools, and research to my
Apple released a new XProtect update this week. I don't know how many changes I've tracked, but it's a lot. If you want to see the history of the XProtect yara updates (which rules have changed, added, removed), I have them all here. https://t.co/iksmOZVQeS
notes.crashsecurity.io
NEW macOS 26.0 🥫🍝 sauce! 🎉 xnu: https://t.co/d1DjJsStqx dyld: https://t.co/iKYiWSpxcV objc4: https://t.co/Kvp9wWc8lU Security: https://t.co/IqmyOIcvsE Libsystem: https://t.co/JflpfJ49II Libc: https://t.co/eLTMJ2n2tJ - this post was generated by `ipsw` 🤖
🎙️ Why talk about "AI Employees" instead of agents? Maybe the paradigm of employee feedback and performance management is the future of agent observability and evaluation... On our latest episode of Deployed we talk with @surojit, founder of @Ema_Unlimited, about his lessons
Back home after an incredible time at #OBTS! Was inspiring meeting incredible people and experiencing the beautiful island of Ibiza. A huge thanks to @patrickwardle and @andyrozen for having me :)
GIVEAWAY TIME! 🍎♥️🤘 In case you missed the opportunity to grab yours, celebrating the success of #OBTS V8 in Ibiza 🇪🇸 @objective_see (@andyrozen), and special thanks to @osint_barbie, we will be holding a giveaway of @patrickwardle "The art of Mac Malware" books - Vol. I
How does your chat with ChatGPT usually end? It doesn’t — you just stop typing. But therapy works differently. Closure matters. In Mira, every session has a beginning, a process, and an end. It closes with a Coping Card — a short summary of your key insights and tools to help
We love it when American Airlines cancels your flights and doesn’t reschedule you lol
Does anyone else just drink hot water, or is that weird?
🔔 Push Alert: SPL💥ITLIGHT just landed live. A cheeky Spotlight plugin slid past TCC (CVE-2025-31199), giving the search bar a backstage pass into Apple Intelligence — DB peeks, sensitive queries, even odd multi-user cross-talk. On stage: Christine Fossaceca @x71n3 (@Microsoft
I have two numbers for you... $53 billion and $450 billion. That's $53 billion straight to the bottom line of Big Insurance with zero benefit to taxpayers. Some would call that fraud. And that's $450 billion more from your pockets if the Biden COVID credits are extended.
Christine @x71n3 and JBO (@yo_yo_yo_jbo ) (& Alexia Wilson) from @Microsoft showed #OBTS how Spotlight just got too bright. 😬 They found a macOS TCC bypass (#CVE-2025-31199) that abuses Spotlight to get your private data - locally and remotely - and showed how to detect!
Sal (@malwarezoo) from @jamf gave an excellent talk at #OBTS of how Apple tracks and revokes malicious apps. But Revoked doesn’t always mean Vanquished! Sal found a Gatekeeper/CDHash weakness that brings blocked apps back to life — no re-signing required. #CVE-2025-43296
It is time to look at another great talk from the 2025 BSides312 event. In this one, Olivia Gallucci talks about unlocking MacOS internals. They explain it from a standpoint of breaking down Apple's open source ecosystem. #BSides #BSides312 #MacOS
https://t.co/XCVU5K8xs6
A new paper about SPTM, TXM and Exclaves has been released. It might be a good introductory read for the DeepDive into SPTM, TXM, SK and Exclaves training later this year.
antid0te-sg.com
There is a party at GLx and you have been invited. Antid0te is organising an online deep dive into SPTM, TXM, SK and Exclaves Training in December 2025 and January 2026. Instructor: Stefan Esser (
Awesome paper about latest iOS security mitigations : SPTM, TXM, and Exclaves https://t.co/EXcHTigw3M
Watch the talk here: https://t.co/0Pee5JJf4R
#OBTS
Olivia (@oliviagalluccii) from @datadoghq entertained #OBTS, showing us how macOS logs everything, diving into ULS, ESF, and TCC.db to hunt threats like Atomic Stealer & XCSSET, and using tools like Consolation3, eslogger, Mac Monitor to catch evil!
In a nutshell: Create tradable AI agents in less than 1min, with the x402 protocol embedded in their autonomous pipeline. Enabling them to transact with other fellow agents or with humans. A powerful addition to the most powerful agent creation flow in the space.
Penultimate talk of #OBTS day 2 by @OliviaGalluccii on using ES & Unified Log to understand and detect malware
📖 man macOS-internals(1) — threat detection for humans Olivia Gallucci @OliviaGalluccii | #OBTS 🍏 NAME Logs, ESF & automation risks — what attackers touch, what defenders can see. CORE ULS + ESF + TCC.db = where the truth lives (and lies try to hide). TOOLS Consolation3,
🧾 AFTER-TALK COMMIT — macOS Internals for Threat Detection Engineers Author: Olivia Gallucci @OliviaGalluccii | #OBTS 🍏 •logs: ULS turned from diary → deposition 🔍 •ESF: follow fork→exec with eslogger / ESFPlayground (no firehose) •TCC.db: consent vs. reality mapped
Behind the scenes at #OBTS Lots of great questions, insightful discussions, and that unique sense of community you only find here. Huge thanks to @patrickwardle for bringing together such an inspiring crowd! 🙌 #Moonlock #ObjectiveByTheSea