Csaba Fitzl
@theevilbit.bsky.social
macOS Security -- Trail running 🏃 -- Mountains ⛰ -- Tolkien fan
🍎 Thank you @macsysadmin.bsky.social for having me! It was a blast as always! I'm already waiting for 2026. #msa2025
/photos by Jonas Jöreskog/
/photos by Jonas Jöreskog/
October 7, 2025 at 10:37 AM
🍎 Thank you @macsysadmin.bsky.social for having me! It was a blast as always! I'm already waiting for 2026. #msa2025
/photos by Jonas Jöreskog/
/photos by Jonas Jöreskog/
Reposted by Csaba Fitzl
Did you see the news last week? 👀
Kandji announced Vulnerability Management to help IT and security teams identify, assess, prioritize, and remediate vulnerabilities on Mac devices - all through a unified workflow in a unified platform.
Read more about it here: buff.ly/432J9E6
Kandji announced Vulnerability Management to help IT and security teams identify, assess, prioritize, and remediate vulnerabilities on Mac devices - all through a unified workflow in a unified platform.
Read more about it here: buff.ly/432J9E6
Vulnerability Management: First Unified Platform to Detect & Remediate on Mac
Kandji announces Kandji Vulnerability Management, which helps IT and security teams identify and remediate vulnerabilities through a unified workflow.
buff.ly
February 20, 2025 at 3:57 PM
Did you see the news last week? 👀
Kandji announced Vulnerability Management to help IT and security teams identify, assess, prioritize, and remediate vulnerabilities on Mac devices - all through a unified workflow in a unified platform.
Read more about it here: buff.ly/432J9E6
Kandji announced Vulnerability Management to help IT and security teams identify, assess, prioritize, and remediate vulnerabilities on Mac devices - all through a unified workflow in a unified platform.
Read more about it here: buff.ly/432J9E6
Reposted by Csaba Fitzl
This week's news summary, we look briefly at the new phone before we look some beefy malware and vulnerabilities, some nice configuration profiles and updates.
macadmins.news/issues/349
#Mac #MacAdmins #Apple
macadmins.news/issues/349
#Mac #MacAdmins #Apple
#349
new iPhone: it's a 16e
macadmins.news
February 21, 2025 at 2:52 PM
This week's news summary, we look briefly at the new phone before we look some beefy malware and vulnerabilities, some nice configuration profiles and updates.
macadmins.news/issues/349
#Mac #MacAdmins #Apple
macadmins.news/issues/349
#Mac #MacAdmins #Apple
🍎🪳My last blog post in the storagekitd - diskarbitrationd vulnerability series, which I presented at #POC2024 and @blackhatevents.bsky.social #BHEU2024 as part of my "Apple Disk-O Party" talk, is up @kandji.bsky.social 's site:
www.kandji.io/blog/macos-a...
www.kandji.io/blog/macos-a...
Uncovering Apple Vulnerabilities: diskarbitrationd and storagekitd Audit Part 3
Exploring CVE-2024-27848 & CVE-2024-44210: How macOS vulnerabilities in storagekitd allowed privilege escalation, how they were exploited & Apple’s patch.
www.kandji.io
February 21, 2025 at 3:20 PM
🍎🪳My last blog post in the storagekitd - diskarbitrationd vulnerability series, which I presented at #POC2024 and @blackhatevents.bsky.social #BHEU2024 as part of my "Apple Disk-O Party" talk, is up @kandji.bsky.social 's site:
www.kandji.io/blog/macos-a...
www.kandji.io/blog/macos-a...
First Apple🍎 macOS 💻 vulnerability of 2025 is submitted. 🥳 Full access to your iCloud documents...
January 8, 2025 at 11:18 AM
First Apple🍎 macOS 💻 vulnerability of 2025 is submitted. 🥳 Full access to your iCloud documents...
Happy New Year! ❄️
January 1, 2025 at 3:19 PM
Happy New Year! ❄️
Year In Sport 2024.
Wasn't that good due to my lingering plantar fasciitis issue. But that is life, sometimes there are low moments, and coming out of those will make you stronger. Hopefully things will get better next year. ⛰️🏃
Wasn't that good due to my lingering plantar fasciitis issue. But that is life, sometimes there are low moments, and coming out of those will make you stronger. Hopefully things will get better next year. ⛰️🏃
December 29, 2024 at 9:13 AM
Year In Sport 2024.
Wasn't that good due to my lingering plantar fasciitis issue. But that is life, sometimes there are low moments, and coming out of those will make you stronger. Hopefully things will get better next year. ⛰️🏃
Wasn't that good due to my lingering plantar fasciitis issue. But that is life, sometimes there are low moments, and coming out of those will make you stronger. Hopefully things will get better next year. ⛰️🏃
🏝️🥾🏃🌋I wrote about my hiking and trail running adventures in Maui, Hawaii, which I did right before #OBTS
Enjoy!
trails.exposure.co/maui-hawaii-...
Enjoy!
trails.exposure.co/maui-hawaii-...
Maui, Hawaii (ENG) by Csaba Fitzl on Exposure
HUNGARIAN / MAGYAR
trails.exposure.co
December 21, 2024 at 3:13 PM
🏝️🥾🏃🌋I wrote about my hiking and trail running adventures in Maui, Hawaii, which I did right before #OBTS
Enjoy!
trails.exposure.co/maui-hawaii-...
Enjoy!
trails.exposure.co/maui-hawaii-...
🍎🪳Second part of the diskarbitrationd - storagekitd vulnerability blog series is out on @kandji.bsky.social 's blog.
These vulnerabilities were presented at @blackhatevents.bsky.social #BHEU2024 and #POC2024 conferences as part of my "Apple Disk-O Party" talk.
www.kandji.io/blog/macos-a...
These vulnerabilities were presented at @blackhatevents.bsky.social #BHEU2024 and #POC2024 conferences as part of my "Apple Disk-O Party" talk.
www.kandji.io/blog/macos-a...
Uncovering Apple Vulnerabilities: diskarbitrationd and storagekitd Audit Part 2
Part 2 of the audit Kandji's Threat Research team performed on the macOS diskarbitrationd & storagekitd system daemons, uncovering several vulnerabilities.
www.kandji.io
December 12, 2024 at 3:50 PM
🍎🪳Second part of the diskarbitrationd - storagekitd vulnerability blog series is out on @kandji.bsky.social 's blog.
These vulnerabilities were presented at @blackhatevents.bsky.social #BHEU2024 and #POC2024 conferences as part of my "Apple Disk-O Party" talk.
www.kandji.io/blog/macos-a...
These vulnerabilities were presented at @blackhatevents.bsky.social #BHEU2024 and #POC2024 conferences as part of my "Apple Disk-O Party" talk.
www.kandji.io/blog/macos-a...
📣I’m happy to announce that I’m planning to write a brand new “macOS Vulnerability Research” training. 🥳
Considering the amount of work the writing requires it will be available late 2025 or early 2026. It will be Live class only, and likely only once or twice a year.
Considering the amount of work the writing requires it will be available late 2025 or early 2026. It will be Live class only, and likely only once or twice a year.
December 9, 2024 at 12:00 PM
📣I’m happy to announce that I’m planning to write a brand new “macOS Vulnerability Research” training. 🥳
Considering the amount of work the writing requires it will be available late 2025 or early 2026. It will be Live class only, and likely only once or twice a year.
Considering the amount of work the writing requires it will be available late 2025 or early 2026. It will be Live class only, and likely only once or twice a year.
☀️🏝️This is the day! Don’t miss it if you want to learn how to talk with launchd and how to generically detect XPC exploits. 🔥🔥🔥 #OBTS
Extremely excited to be giving a talk titled "Mac, Wheres My Bootstrap" tomorrow at #OBTS with @theevilbit.bsky.social! Join us live on YouTube or in-person at 2:40pm HST / 7:40pm EST. We'll be dropping a tool you can walk away with :)
December 6, 2024 at 8:18 PM
☀️🏝️This is the day! Don’t miss it if you want to learn how to talk with launchd and how to generically detect XPC exploits. 🔥🔥🔥 #OBTS
Reposted by Csaba Fitzl
Good lineup of books! www.humblebundle.com/books/hackin...
Humble Tech Book Bundle: Hacking 2024 by No Starch
Level up your hacking and skills with this tech bundle from No Starch. Learn to protect yourself and others! Pay what you want & support charity!
www.humblebundle.com
December 2, 2024 at 8:58 PM
Good lineup of books! www.humblebundle.com/books/hackin...
Reposted by Csaba Fitzl
Extremely excited to be giving a talk titled "Mac, Wheres My Bootstrap" tomorrow at #OBTS with @theevilbit.bsky.social! Join us live on YouTube or in-person at 2:40pm HST / 7:40pm EST. We'll be dropping a tool you can walk away with :)
December 5, 2024 at 7:34 PM
Extremely excited to be giving a talk titled "Mac, Wheres My Bootstrap" tomorrow at #OBTS with @theevilbit.bsky.social! Join us live on YouTube or in-person at 2:40pm HST / 7:40pm EST. We'll be dropping a tool you can walk away with :)
Entering last day of trainings with my colleagues from @kandji.bsky.social . There is always something new to learn in this field, and it’s great to learn directly from iOS experts @naehrdine.bsky.social and Sn0wfreeze #OBTS
December 4, 2024 at 8:22 PM
Entering last day of trainings with my colleagues from @kandji.bsky.social . There is always something new to learn in this field, and it’s great to learn directly from iOS experts @naehrdine.bsky.social and Sn0wfreeze #OBTS
A dream came true. My first ever Sea To Summit climb, here on Maui. Climbed the 3055m high Haleakala volcano’s highest summit, Red Hill, from the ocean over 30kms. #OBTS
December 1, 2024 at 6:20 AM
A dream came true. My first ever Sea To Summit climb, here on Maui. Climbed the 3055m high Haleakala volcano’s highest summit, Red Hill, from the ocean over 30kms. #OBTS
Reposted by Csaba Fitzl
@vxundergroundre.bsky.social has been kind enough to host Banshee Stealer's leaked source code here. #macOS #InfoStealer #apple #malware
github.com/vxundergroun...
github.com/vxundergroun...
GitHub - vxunderground/MalwareSourceCode: Collection of malware source code for a variety of platforms in an array of different programming languages.
Collection of malware source code for a variety of platforms in an array of different programming languages. - vxunderground/MalwareSourceCode
github.com
November 25, 2024 at 9:08 PM
@vxundergroundre.bsky.social has been kind enough to host Banshee Stealer's leaked source code here. #macOS #InfoStealer #apple #malware
github.com/vxundergroun...
github.com/vxundergroun...
🥾🏃⛰️ It was long time ago I last wrote about my runs or hikes. Below is a post about the trails I explored when I was in South Korea for the POC2024 conference. Enjoy!
trails.exposure.co/on-the-trail...
trails.exposure.co/on-the-trail...
On the Trails of Seoul by Csaba Fitzl on Exposure
Trail running story from South Korea.
trails.exposure.co
November 25, 2024 at 11:58 PM
🥾🏃⛰️ It was long time ago I last wrote about my runs or hikes. Below is a post about the trails I explored when I was in South Korea for the POC2024 conference. Enjoy!
trails.exposure.co/on-the-trail...
trails.exposure.co/on-the-trail...
Reposted by Csaba Fitzl
Been a while since we've seen #macOS #malware abusing osacompile rather than plain osascript, but #Amos Atomic Stealer is nothing if not adaptable. SHA1: 51ef05c84eea3dde149a5dd3ea9916a824e95afc.
A reminder that it's possible (didn't say easy 😅) to reverse compiled #applescript.
s1.ai/fadedead
A reminder that it's possible (didn't say easy 😅) to reverse compiled #applescript.
s1.ai/fadedead
FADE DEAD | Adventures in Reversing Malicious Run-Only AppleScripts - SentinelLabs
We show how to statically reverse run-only AppleScripts for the first time, and in the process reveal new IoCs of a long-running macOS Cryptominer campaign.
s1.ai
November 21, 2024 at 11:26 AM
Been a while since we've seen #macOS #malware abusing osacompile rather than plain osascript, but #Amos Atomic Stealer is nothing if not adaptable. SHA1: 51ef05c84eea3dde149a5dd3ea9916a824e95afc.
A reminder that it's possible (didn't say easy 😅) to reverse compiled #applescript.
s1.ai/fadedead
A reminder that it's possible (didn't say easy 😅) to reverse compiled #applescript.
s1.ai/fadedead
Reposted by Csaba Fitzl
How does the new iOS inactivity reboot work? What does it protect from?
I reverse engineered the kernel extension and the secure enclave processor, where this feature is implemented.
naehrdine.blogspot.com/2024/11/reve...
I reverse engineered the kernel extension and the secure enclave processor, where this feature is implemented.
naehrdine.blogspot.com/2024/11/reve...
Reverse Engineering iOS 18 Inactivity Reboot
Wireless and firmware hacking, PhD life, Technology
naehrdine.blogspot.com
November 17, 2024 at 9:42 PM
How does the new iOS inactivity reboot work? What does it protect from?
I reverse engineered the kernel extension and the secure enclave processor, where this feature is implemented.
naehrdine.blogspot.com/2024/11/reve...
I reverse engineered the kernel extension and the secure enclave processor, where this feature is implemented.
naehrdine.blogspot.com/2024/11/reve...
Reposted by Csaba Fitzl
Paged Out! #5 is out – enjoy! pagedout.institute
And if you like the cover, we have wallpapers!
And if you like the cover, we have wallpapers!
November 19, 2024 at 9:31 AM
Paged Out! #5 is out – enjoy! pagedout.institute
And if you like the cover, we have wallpapers!
And if you like the cover, we have wallpapers!
I was featured in PagedOut Issue #5 with my macOS notification forensics article (page 25). I find the whole idea of this magazine pretty cool. Lot's of interesting stuff in there!
November 19, 2024 at 10:20 AM
I was featured in PagedOut Issue #5 with my macOS notification forensics article (page 25). I find the whole idea of this magazine pretty cool. Lot's of interesting stuff in there!
Reposted by Csaba Fitzl
Excellent stuff even though i’m not really a phone guy. Love the reversing and the detailed explanation of the process. 👏 👏
naehrdine.blogspot.com/2024/11/reve...
naehrdine.blogspot.com/2024/11/reve...
Reverse Engineering iOS 18 Inactivity Reboot
Wireless and firmware hacking, PhD life, Technology
naehrdine.blogspot.com
November 17, 2024 at 10:25 PM
Excellent stuff even though i’m not really a phone guy. Love the reversing and the detailed explanation of the process. 👏 👏
naehrdine.blogspot.com/2024/11/reve...
naehrdine.blogspot.com/2024/11/reve...
Reposted by Csaba Fitzl
