Lightnews — Scholar-powered news

Reposted by golby

The Bob @theboberito.bsky.social · 4d

A year into Apple Intelligence, what do we know? Well your Mac knows the answers, just gotta ask the right questions.

Read “IQ Check: On-Device vs PCC — Reading the Signals Hidden on Your Mac“ by Bob Gendler on Medium: boberito.medium.com/iq-check-on-...

IQ Check: On-Device vs PCC — Reading the Signals Hidden on Your Mac

Your Mac knows and can tell you specifically on device vs off device for Apple Intelligence

boberito.medium.com

2 1

golby @golby.bsky.social · 17d

grnh.se/ifqakw3c4us
grnh.se/f227ti8h4us

1

golby @golby.bsky.social · 17d

Interested in Mac security research, reversing macOS malware, or detection engineering?

Jamf Threat Labs is hiring! We're looking for passionate individuals to join our team and and help push the boundaries of Apple security.

- Brno, Czechia
- Austin, Eau Claire, Minneapolis

1 2 3

Reposted by golby

Pasquale Stirparo 🇺🇦 🇪🇺 @pstirparo.bsky.social · Jul 30

🍎 machofile 🍏 first official release is finally live: github.com/pstirparo/ma...

It is a python module to parse #Mach-O binary files, with a focus on malware analysis and reverse engineering.
machofile is self-contained.

#macho #ios #reverseengineering #detection #threathunting #threatintel 1/3

GitHub - pstirparo/machofile: machofile is a module to parse Mach-O binary files

machofile is a module to parse Mach-O binary files - pstirparo/machofile

github.com

1 14 15

golby @golby.bsky.social · Jul 16

A great writeup by my coworker, @txhaflaire.bsky.social about a new variant (signed and notarized) of odyssey stealer.

www.jamf.com/blog/signed-...

Evolution of macOS Odyssey Stealer: New Techniques & Signed Malware

Discover new technical insights into the Odyssey Stealer malware, including signed & notarized variants, SwiftUI-based social engineering, and advanced persistence techniques.

www.jamf.com

2

Reposted by golby

The Bob @theboberito.bsky.social · Jul 4

Forgot to post this here the other day

Compliance updatepalooza.

Newly released updated mSCP compliance information for macOS Sequoia, macOS Sonoma, macOS Ventura, iOS 18, iOS 17, iOS 16, and visionOS.

github.com/usnistgov/ma...

Releases · usnistgov/macos_security

macOS Security Compliance Project. Contribute to usnistgov/macos_security development by creating an account on GitHub.

github.com

3 4

Reposted by golby

Thomas Roccia :verified: @fr0gger.infosec.exchange.ap.brid.gy · Jun 26

🤓 My talk at AUSCERT has been released!

In this session, I break down:
- How threat actors are using generative AI,
- How to respond to AI-related breaches,
- And how to improve your AI security maturity with AI-specific incident response, Indicators of Prompt Compromise, and NOVA for […]

Original post on infosec.exchange

infosec.exchange

1

golby @golby.bsky.social · Jun 25

Well this is new 🙃

1 2

Reposted by golby

Jeff Bakalar @jerf.xyz · Jun 21

ugh could you imagine if there wasn't a new Turnstile album

10 5 80

Reposted by golby

Rob Friedman @pitchingninja.com · Jun 19

So you wanna be a Hitter??!

This is what 101 mph Fastball & a 91 mph Slider looks like (from Chase Shores)

7 27 140

Reposted by golby

alden @re.wtf · Jun 18

excited bc today @huntress.com is releasing our analysis of a gnarly intrusion into a web3 company by the DPRK's BlueNoroff!! 🤠

we've observed 8 new pieces of macOS malware from implants to infostealers! and they're actually good (for once)!

www.huntress.com/blog/inside-...

Inside the BlueNoroff Web3 macOS Intrusion Analysis | Huntress

Learn how DPRK's BlueNoroff group executed a Web3 macOS intrusion. Explore the attack chain, malware, and techniques in our detailed technical report.

www.huntress.com

1 19 29

Reposted by golby

John @jmahlman.bsky.social · Jun 13

Cotton Bureau, is celebrating their 12th anniversary and they’re running a free shipping promo!

All products ship for free (inside the US) with the code Happy12. Int’l shipping is half-off. Promo ends 6/20.

So head to macadmins.org/store and upport the #macAdmins Foundation!

1 1

Reposted by golby

🇺🇦 Xorhex 🇺🇦 @xorhex.bsky.social · Jun 11

#mlget has been updated - your 1 stop shop for finding malware across different services!

Grab an updated copy at github.com/xorhex/mlget...

Happy to add additional services if folks know of more!

Some services I no longer have access to for testing - see the Alt text for more info.

Latest test run: For the ones that failed, I either don’t have a current API key to test with or an instance of the service to test against.

If folks can test and let me know, I’d be very grateful! Please submit an issue in GitHub if it’s broken. Thanks! 😀

2 4 6

Reposted by golby

The Bob @theboberito.bsky.social · Jun 10

I published my first app on the App Store! macOS, iPadOS, and visionOS!

apps.apple.com/us/app/unive...

‎Universal STIG Browser

‎Universal STIG Browser is a native Apple platform app that allows users to open, view, filter, and export Security Technical Implementation Guides (STIGs) for all supported platforms as published by ...

apps.apple.com

4 2

golby @golby.bsky.social · Jun 9

Enjoy!

1 1

golby @golby.bsky.social · Jun 7

It's sooo good. It was killing me to know what the Never Enough transition to track 2 was all about and it did not disappoint.

2

Reposted by golby

Game Informer @gameinformer.com · Jun 6

Game Informer magazine subscriptions are back! 🎉 Lock in early bird pricing by joining today and receive a full year of 10 issues featuring more pages and improved paper. gameinformer.com/subscribe

📽️ youtu.be/xB-wxCebt1U?...
#GameInformer #Subscribe

Game Informer Magazine Print Subscriptions Are Available Now

Today, we’re thrilled to unveil the new Game Informer subscription program. We relaunched Game Informer in March so we could return to covering the games we ...

youtu.be

37 110 290

Reposted by golby

Jason Broccardo @zoocoup.bsky.social · May 26

Example of a website that entirely lives up to its name owlsintowels.org/gallery/

GALLERY – Owls in Towels

owlsintowels.org

1

golby @golby.bsky.social · May 23

Related paths:
/Users/Shared/com.apple.xssooxxagent
/Library/LaunchDaemons/com.apple.xssooxxagent.plist
/tmp/.fseventsd

C2 URLs:
hXXp://download.termius.info/bn.log.enc
hXXp://download.termius.info/bn.log.md5

Jamf threat labs tracks this as ZuRu malware www.jamf.com/blog/jtl-mal...

1

golby @golby.bsky.social · May 23

Related hashes:
de8aca685871ade8a75e4614ada219025e2d6fd7 (Termius9.5.0.dmg)
7087be726590e35285c891dc60acec826a0c03d5 (Termius_final.dmg)
fa9b89d4eb4d47d34f0f366750d55603813097c1 (com.apple.xssooxxagent - persistent downloader)
a7a9b0f8cc1c89f5c195af74ce3add74733b15c0 (.fseventsd - Khepri)

1 1

golby @golby.bsky.social · May 23

Cross-posting @[email protected]

Modified versions of Termius (SSH client) were uploaded to VirusTotal. Contains a persistent downloader which fetches and decodes Khepri (an open-source post-exploitation tool).

/Applications/Termius.app/Contents/Fra... Helper .app/Contents/MacOS/.localized

1 1

Reposted by golby

pancake @trufae.bsky.social · May 16

Today I presented at #hackbcn some practical usecases integrating language models for reverse engineering purposes with #radare2 Check out my slides at radare.org/get/r2ai-hac...

6 10

Reposted by golby

Tom Bridge @tombridge.com · May 16

Human-Centric IT Systems

Here are the slides and presentation notes from my talk today at MacAD in Brighton. We need to do better about building human-centric IT systems that serve your business goals, and your people.

Human-Centric IT Systems

Here are the slides and presentation notes from my talk today at MacAD in Brighton. We need to do better about building human-centric IT systems that serve your business goals, and your people.

tombridge.com

2 6

golby @golby.bsky.social · May 14

My son is so depressed. Time for him to root for the Knicks.

1

golby @golby.bsky.social · May 13

Check out our (@txhaflaire.bsky.social ) blog post where we unpack and analyze an undetected PyInstaller sample. You'll never guess what it ended up being... www.jamf.com/blog/pyinsta...

Unpacking PyInstaller Malware on macOS

Jamf Threat Labs discovers malware: learn how attackers are using PyInstallers to deploy infostealers.

www.jamf.com

1 1