You might like
Patrick (@patrickwardle/(double-you.io)/@objective_see) closed out the biggest and best #OBTS yet! Deep diving into dynlib hijacking - does it haunt macOS 26 like a ghost from OSX years past, or has Apple finally buried it for good? 👻🪦 TL;DR - It's back baby!😎😱
Tara linkedin.com/in/tara-gould-… from @Darktrace - showed #OBTS how malware devs make simple mistakes! Tara unpacked the rise and messy fall of Cthulhu Stealer — a macOS credential thief undone by greed, bad opsec, and even an exit scam!
Matthais (@helthydriver)/iVerify(@IsMyPhoneHacked)/Dreams of (security.apple.com/research-devic…) - spoke at #OBTS about Hunting iOS malware - flipping the script using Malware Simulation - building fake spyware to reveal real forensic clues! Also an interesting site mythicalbeasts.dfrlab.org
Sharvil (@sharvil) showed #OBTS how Apple’s new FSKit lets you build filesystems in userspace - you can build a pseudo-FS, use it as a honeypot for infostealers and even a hiding spot for malware. DM him if you need help using this as a Canary/tripwire in your environment!
Koh (@tsunek0h)/FFRI talked at #OBTS about reversing Xprotect Remediator, uncovering Swift-based detection logic, OCR-powered malware spotting 🤯, and Apple’s hidden threat intel (hello, TriangleDB (securelist.com/triangledb-tri… ). Koh has excellent slides - i.blackhat.com/BH-USA-25/Pres…
Marie (linkedin.com/in/marie-fisch…) encouraged everyone at #OBTS to enable Apple’s Lockdown Mode - her talk reverse-engineers how it *really* works on OSX 26 - what’s locked, what’s not! Great research building on @blacktop__'s from 2023 at @0x41con. 🔒🍏
Gregor Carmesin (linkedin.com/in/gregor-carm…) from TU Darmstadt showed #OBTS how you can ‘de-mangle’ the magic of Swift’s type metadata, descriptors and naming to make binary analysis actually readable again! #reverseengineer
Christine @x71n3 and JBO (@yo_yo_yo_jbo ) (& Alexia Wilson) from @Microsoft showed #OBTS how Spotlight just got too bright. 😬 They found a macOS TCC bypass (#CVE-2025-31199) that abuses Spotlight to get your private data - locally and remotely - and showed how to detect!
Ian Beer (@i41nbeer) from @Google’s Project Zero spoke again at #OBTS! Zero’ing read-only pages in XNU - possible? Yes! Weaponizing the bug ( #CVE-2025-24203 ) to get root? Yes!!
Sal (@malwarezoo) from @jamf gave an excellent talk at #OBTS of how Apple tracks and revokes malicious apps. But Revoked doesn’t always mean Vanquished! Sal found a Gatekeeper/CDHash weakness that brings blocked apps back to life — no re-signing required. #CVE-2025-43296
Kicking off Day 3 of #OBTS - LiveStreaming at youtube.com/@objectiveseef… Reminder that the exit event is at the Hotel Melia main pool at 1800!
Zhi Zhou (@codecolorist), whilst pursuing his side-passion of Filmmaking, told #OBTS how he discovered that Apple’s Compressor (part of Final Cut Pro) was harboring an unauthenticated 0-click RCE! It is still vulnerable - keep yer ‘shields up’ until Apple fully fixes!
Olivia (@oliviagalluccii) from @datadoghq entertained #OBTS, showing us how macOS logs everything, diving into ULS, ESF, and TCC.db to hunt threats like Atomic Stealer & XCSSET, and using tools like Consolation3, eslogger, Mac Monitor to catch evil!
Think SUID exploits are dead? Pawel (github.com/GrosQuildu) from @trailofbits showed #OBTS how he cleverly chained four bugs in mDNSResponder/traceroute6/libinfo to get root on macOS (CVE-2025-31222, CVE-2025-30440, CVE-2025-24195) and more
Brandon (@PartyD0lphin) from @crowdstrike talked about many improvements and features in his most awesome opensource tool (Mac Monitor) - ( aka Procmon for OSX ) - & even pushed out version 2 in real-time at #OBTS! Check it out if you haven’t already! github.com/Brandon7CC/mac…
At #OBTS, Wojciech (@_r3ggi) from @SecuRingPL cleverly exposed different flaws in macOS location services, side-channels, leaky apps, and how attackers can track you without zero-days — and gave tips on how defenders can fight back.
At #OBTS, Rousana (@sha17883) from @crowdstrike proposed a new behavior-based approach to classifying grayware — using traits like deception, persistence, monetization, consent, and payload activity — useful for more nuanced, actionable detection!
At #OBTS John McIntosh (@clearbluejar) from @clearseclabs demo’d his pipeline that uses AI, ipsw and ghidriff to auto-extract and diff Apple firmware — rapidly reveals real code changes behind Apple security fixes and to get actionable root-cause intel. Super clever stuff!
Callista Gratz talked about Apple’s “Private Cloud Compute” - it wants to run your AI prompts in the cloud — without seeing them. ☁️🤫 At #OBTS we were treated to a crash course in blind signatures, crypto “games,” & how Apple’s custom auth protocol tries to keep data private
Jonathan Levin (@Technologeeks) gave an intriguing talk at #OBTS on how Apple has turned XNU into a fortress — one acronym at a time. From KTRR → SPRR → TXM → exclaves → conclaves → TPRO (!) He unpacked how Apple's refactoring and locking down the Darwin kernel...and..more
United States Trends
- 1. Raindotgg 2,244 posts
- 2. Sam Houston 1,189 posts
- 3. Lubin 5,330 posts
- 4. Louisville 14.3K posts
- 5. Oregon State 4,668 posts
- 6. #GoAvsGo 1,493 posts
- 7. Batum N/A
- 8. Nuss 5,661 posts
- 9. Emmett Johnson 2,306 posts
- 10. UCLA 7,740 posts
- 11. Miller Moss 1,200 posts
- 12. #Huskers 1,074 posts
- 13. #FlyTogether 1,868 posts
- 14. #MASHLE 1,320 posts
- 15. Oilers 4,679 posts
- 16. #Toonami 1,934 posts
- 17. Bama 13.7K posts
- 18. Lateef 2,275 posts
- 19. Nikki Glaser N/A
- 20. Brohm 1,145 posts
Something went wrong.
Something went wrong.