golby
golby.bsky.social
macOS Threat and Detections Researcher @ Jamf
Another great writeup from @txhaflaire.bsky.social on a new stealer that Jamf is calling digitstealer.
www.jamf.com/blog/jtl-dig...
DigitStealer: In-Depth Analysis of a New macOS Infostealer
Jamf Threat Labs uncovers DigitStealer, a new macOS infostealer. Learn about its unique evasion techniques, multi-stage payload and how to protect your systems.
www.jamf.com
November 14, 2025 at 12:29 AM
Oooh XProtect 5322 added XPScripts.yr. Guess they're going to start blocking malicious osascript and other interpreters now.
November 4, 2025 at 10:09 PM
OBTS bound! #obtsv8
October 13, 2025 at 9:52 PM
Reposted by golby
A year into Apple Intelligence, what do we know? Well your Mac knows the answers, just gotta ask the right questions.

Read “IQ Check: On-Device vs PCC — Reading the Signals Hidden on Your Mac” by Bob Gendler on Medium: boberito.medium.com/iq-check-on-...
IQ Check: On-Device vs PCC — Reading the Signals Hidden on Your Mac
Your Mac knows and can tell you specifically on device vs off device for Apple Intelligence
boberito.medium.com
October 6, 2025 at 5:11 PM
Interested in Mac security research, reversing macOS malware, or detection engineering?

Jamf Threat Labs is hiring! We're looking for passionate individuals to join our team and help push the boundaries of Apple security.

- Brno, Czechia
- Austin, Eau Claire, Minneapolis
September 24, 2025 at 1:26 PM
Reposted by golby
🍎 machofile 🍏 first official release is finally live: github.com/pstirparo/ma...

It is a python module to parse #Mach-O binary files, with a focus on malware analysis and reverse engineering.
machofile is self-contained.

#macho #ios #reverseengineering #detection #threathunting #threatintel 1/3
GitHub - pstirparo/machofile: machofile is a module to parse Mach-O binary files
machofile is a module to parse Mach-O binary files - pstirparo/machofile
github.com
July 30, 2025 at 2:11 PM
A great writeup by my coworker, @txhaflaire.bsky.social, about a new variant (signed and notarized) of Odyssey Stealer.

www.jamf.com/blog/signed-...
Evolution of macOS Odyssey Stealer: New Techniques & Signed Malware
Discover new technical insights into the Odyssey Stealer malware, including signed & notarized variants, SwiftUI-based social engineering, and advanced persistence techniques.
www.jamf.com
July 16, 2025 at 6:49 PM
Reposted by golby
Forgot to post this here the other day

Compliance updatepalooza.

Newly released updated mSCP compliance information for macOS Sequoia, macOS Sonoma, macOS Ventura, iOS 18, iOS 17, iOS 16, and visionOS.

github.com/usnistgov/ma...
Releases · usnistgov/macos_security
macOS Security Compliance Project. Contribute to usnistgov/macos_security development by creating an account on GitHub.
github.com
July 4, 2025 at 10:10 AM
Reposted by golby
🤓 My talk at AUSCERT has been released!

In this session, I break down:
- How threat actors are using generative AI,
- How to respond to AI-related breaches,
- And how to improve your AI security maturity with AI-specific incident response, Indicators of Prompt Compromise, and NOVA for […]
Original post on infosec.exchange
infosec.exchange
June 26, 2025 at 5:08 AM
Well this is new 🙃
June 25, 2025 at 1:23 AM
Reposted by golby
ugh could you imagine if there wasn't a new Turnstile album
June 21, 2025 at 10:56 PM
Reposted by golby
So you wanna be a Hitter??!

This is what 101 mph Fastball & a 91 mph Slider looks like (from Chase Shores)
June 19, 2025 at 2:44 PM
Reposted by golby
excited bc today @huntress.com is releasing our analysis of a gnarly intrusion into a web3 company by the DPRK's BlueNoroff!! 🤠

we've observed 8 new pieces of macOS malware from implants to infostealers! and they're actually good (for once)!

www.huntress.com/blog/inside-...
Inside the BlueNoroff Web3 macOS Intrusion Analysis | Huntress
Learn how DPRK's BlueNoroff group executed a Web3 macOS intrusion. Explore the attack chain, malware, and techniques in our detailed technical report.
www.huntress.com
June 18, 2025 at 8:53 PM
Reposted by golby
Cotton Bureau is celebrating their 12th anniversary and they’re running a free shipping promo!

All products ship for free (inside the US) with the code Happy12. Int’l shipping is half-off. Promo ends 6/20.

So head to macadmins.org/store and support the #macAdmins Foundation!
June 13, 2025 at 7:36 PM
Reposted by golby
#mlget has been updated - your 1 stop shop for finding malware across different services!

Grab an updated copy at github.com/xorhex/mlget...

Happy to add additional services if folks know of more!

Some services I no longer have access to for testing - see the Alt text for more info.
June 11, 2025 at 11:41 PM
Reposted by golby
I published my first app on the App Store! macOS, iPadOS, and visionOS!

apps.apple.com/us/app/unive...
Universal STIG Browser
Universal STIG Browser is a native Apple platform app that allows users to open, view, filter, and export Security Technical Implementation Guides (STIGs) for all supported platforms as published by ...
apps.apple.com
June 10, 2025 at 12:47 PM
Reposted by golby
Game Informer magazine subscriptions are back! 🎉 Lock in early bird pricing by joining today and receive a full year of 10 issues featuring more pages and improved paper. gameinformer.com/subscribe

📽️ youtu.be/xB-wxCebt1U?...
#GameInformer #Subscribe
Game Informer Magazine Print Subscriptions Are Available Now
Today, we’re thrilled to unveil the new Game Informer subscription program. We relaunched Game Informer in March so we could return to covering the games we ...
youtu.be
June 6, 2025 at 4:03 PM
Reposted by golby
Example of a website that entirely lives up to its name owlsintowels.org/gallery/
GALLERY – Owls in Towels
owlsintowels.org
May 26, 2025 at 3:21 PM
Cross-posting @malwarezoo@bird.makeup

Modified versions of Termius (SSH client) were uploaded to VirusTotal. Contains a persistent downloader which fetches and decodes Khepri (an open-source post-exploitation tool).

/Applications/Termius.app/Contents/Fra... Helper .app/Contents/MacOS/.localized
May 23, 2025 at 7:57 PM
Reposted by golby
Today I presented at #hackbcn some practical use cases integrating language models for reverse engineering purposes with #radare2. Check out my slides at radare.org/get/r2ai-hac...
May 16, 2025 at 7:30 PM
Reposted by golby
Human-Centric IT Systems

Here are the slides and presentation notes from my talk today at MacAD in Brighton. We need to do better about building human-centric IT systems that serve your business goals, and your people.
Human-Centric IT Systems
tombridge.com
May 16, 2025 at 10:39 AM
Check out our (@txhaflaire.bsky.social) blog post where we unpack and analyze an undetected PyInstaller sample. You'll never guess what it ended up being... www.jamf.com/blog/pyinsta...
Unpacking PyInstaller Malware on macOS
Jamf Threat Labs discovers malware: learn how attackers are using PyInstallers to deploy infostealers.
www.jamf.com
May 13, 2025 at 12:47 PM
Reposted by golby
New store. New merch! Come and get it #macAdmins!

Check it out: “MAF Mac Admins 10th Anniversary - Rainbow Dark” by Mac Admins Foundation on @cottonbureau.com cottonbureau.com/p/CGM2X5/shi...

#MAF10for10 #macAdmin #Apple
MAF Mac Admins 10th Anniversary - Rainbow Dark by Mac Admins Foundation
Celebrate 10 years of Mac Admins with this super limited run shirt. Featuring a custom "disco ball" logo on the front and the MAC badge on the nape of the neck on the back. We hope you enjoy this "par...
cottonbureau.com
May 7, 2025 at 10:17 PM
Playoff hockey is the best hockey!
May 5, 2025 at 2:41 AM
Reposted by golby
I finally finished this #Swiftlang blog post on macOS apps with embedded launch daemons while at @deepdishswift.com. A bit of research for a work project that I ended up abandoning.

dev.to/brysontyrrel...
macOS Apps With Embedded Daemons
I recently worked on a prototype for an assistive tool that requires root permissions for some of the...
dev.to
April 28, 2025 at 7:06 PM