Took some time recently to dive into in-memory Mach-O execution on macOS. I dig into the API calls necessary to perform reflective code loading, present my Swift implementation, cover nuances on Big Sur vs Monterey, and how to detect it on Monterey!.

RT @jaredcatkinson: Data is gold and Snowflake is full of it. BloodHound now understands Snowflake’s access model. Map who can reach your….

RT @Frichette_n: ec2-instance-connect:SendSSHPublicKey might be my on of my favorite API calls. Have privilege at the control plane and wan….

Some Python code that leverages FFI to interface with macOS libraries to pull the unique hardware UUID. An alternative to the system_profiler binary that may be useful :).

This is so cool :). "Santa also supports file access authorization (FAA), restricting access to specific files and ensuring . approved applications . can interact with them. We’ve leveraged this to secure browser cookies on Figma laptops".

RIP --load-extension, you were good to us red teamers

RT @wtsdev: It's a write-up a year in the. waiting. Enjoy everyone!.

My team is hiring a high-mid to senior engineer! You’ll be joining a brilliant team that delivers high-impact assessments with lots of visibility :). Please apply if interested and let me know if you have any questions!.

RT @d_tranman: Had a lot of fun digging into COM stuff with @bohops recently! We ended up finding a way to laterally move without dropping….

RT @GrahamHelton3: I see we're doing the quarterly open source tools/research debate again. I'll just say this:. Phishing got much harder w….

RT @patrickwardle: . and a big mahalo to the (many) brilliant researchers whose work laid the foundation for this! 🙏🏽 .

Really awesome work by @patrickwardle, simple and elegant :).

RT @_MG_: Well now that it’s out there… Everyone on the Red Team was amazing. We pulled off some great operations. I personally have my ha….

Opening on our Blue Team, please apply if it sounds interesting :). It's a great team that my team partners with often (obviously).

RT @DefSecSentinel: #MacOS defense products that rely solely on reactive measures like YARA or a "magic" Machine Learning Model, that relie….

RT @BillDemirkapi: Just Published 👉 Secrets and Shadows: Leveraging Big Data for Vulnerability Discovery at Scale! Impacted orgs include Cr….

RT @theevilbit:

RT @_ColeMurray: I recently read through Meta's Llama 3 paper. Their approach to synthetic data for code generation is interesting. I dug i….

Really cool approach to mapping out nested permissions in @SnowflakeDB check this post out! :).

RT @SnowflakeDB: There has been a lot of attention on a cybersecurity incident involving Snowflake. We want everyone to have the latest and….

RT @0xMatt: PSA for Cybersecurity folk: Our co-workers are tired of being "tricked" by phishing exercises y'all, and it is making them hate….