Posts TaggedmacOS

20 Common Tools & Techniques Used by macOS Threat Actors & Malware

Threat hunting on macOS? These are the tools malware most often leverages, with ITW examples, MITRE behavioral indicators and links to further research.

Security Research

FADE DEAD | Adventures in Reversing Malicious Run-Only AppleScripts

We show how to statically reverse run-only AppleScripts for the first time, and in the process reveal new IoCs of a long-running macOS Cryptominer campaign.

Adversary

APT32 Multi-stage macOS Trojan Innovates on Crimeware Scripting Technique

Vietnamese-linked APT group OceanLotus have innovated and imitated in their latest macOS trojan, while also leaving a mysterious hard-coded calling card.

Security Research

Resourceful macOS Malware Hides in Named Fork

Threat actors targeting macOS are deploying a new trick to hide payloads and avoid detection thanks to an old technology: the named resource fork.

Security Research

Breaking EvilQuest | Reversing A Custom macOS Ransomware File Encryption Routine

A new macOS ransomware threat uses a custom file encryption routine not based on public key encryption. Jason Reaves shows how we broke it.

feature image macos privilege escalation

Security Research

Privilege Escalation | macOS Malware & The Path to Root Part 1

Researchers invest huge amounts of effort to uncover privilege escalations and develop exploits. What can we learn about macOS security from their work?

Crimeware

Detecting macOS.GMERA Malware Through Behavioral Inspection

New malware hits macOS with well-worn techniques. Can behavioral detection prevent attacks that evade legacy AV and built-in Apple security?

Security Research

macOS Incident Response | Part 3: System Manipulation

How can you detect system manipulations by malware, local or remote attackers on macOS? Find out in the final part of our series on macOS Incident Response.

Security Research

macOS Incident Response | Part 2: User Data, Activity and Behavior

What can we learn about user activity and behavior on a compromised Mac? Learn about the hidden and obfuscated data stores Apple use on the macOS platform.

Security Research

macOS Incident Response | Part 1: Collecting Device, File & System Data

How should you investigate an infected Mac? Has there been lateral movement, data exfiltration, system manipulation? Learn macOS incident response here.

At SentinelOne, we strive to make sure everyone is able to use our products and services easily and productively… https://t.co/vRLtxHtwTUabout 1 hour ago
RT @benjamindoane: S1 is the real deal 9 hours ago
The workplace we knew is gone. Enter @SentinelOne —the only cybersecurity platform purpose-built for the remote w… https://t.co/uhaqzUFvHm22 hours ago
#RDP? #Malvertising? #Exploit Kits? Messaging Applications? Infected Files? #Phishing? Understanding how… https://t.co/bRcOXgGiv323 hours ago

0 / 112

Posts TaggedmacOS

20 Common Tools & Techniques Used by macOS Threat Actors & Malware

FADE DEAD | Adventures in Reversing Malicious Run-Only AppleScripts

APT32 Multi-stage macOS Trojan Innovates on Crimeware Scripting Technique

Resourceful macOS Malware Hides in Named Fork

Breaking EvilQuest | Reversing A Custom macOS Ransomware File Encryption Routine

Privilege Escalation | macOS Malware & The Path to Root Part 1

Detecting macOS.GMERA Malware Through Behavioral Inspection

macOS Incident Response | Part 3: System Manipulation

macOS Incident Response | Part 2: User Data, Activity and Behavior

macOS Incident Response | Part 1: Collecting Device, File & System Data

20 Common Tools & Techniques Used by macOS Threat Actors & Malware

CVE-2021-24092: 12 Years in Hiding – A Privilege Escalation Vulnerability in Windows Defender

Zeoticus 2.0 | Ransomware With No C2 Required

FADE DEAD | Adventures in Reversing Malicious Run-Only AppleScripts