Brandon Dalton
@partyd0lphin.bsky.social
Senior Security Researcher at CrowdStrike
https://swiftly-detecting.notion.site
Sadly no new ES events for macOS 26. There are a few nice event property updates and additions to the process structure though :)
June 9, 2025 at 9:08 PM
#WWDC25 🥳
June 9, 2025 at 12:23 AM
Wanted to re-share some work from Dec 2023 looking at ES internals w/Frida.
I documented in detail two variations here to pull event subscriptions w/this method. If you have a go -- let me know! 🧵
April 30, 2025 at 3:48 PM
I'm going to WWDC this year!! A childhood dream is coming true! 🎉 #WWDC25
April 3, 2025 at 11:40 PM
Wow, time flies! Mac Monitor turns two next month 🥳
What began as a passion project of mine has been adopted more widely than I could have imagined.
A huge thank you to all those who supported the project along the way! What are some of your favorite use cases? What do you want to see be added? 🏃‍♂️
March 31, 2025 at 8:15 PM
The other day I was updating one of my favorite Core Data projects…. 😉 and came across this blog that would have saved me a lot of time. alexj.org/11/core-data...

You can’t prefix a property with “new*” because of allocation nuances between ARC and the Core Data stack!
How a Core Data Attribute's Name Can Lead to Crashes
alexj.org
March 29, 2025 at 5:56 PM
Today Red Canary dropped their 2025 threat detection report! Loved the Mac section
redcanary.com/threat-detec...
Mac Malware | Red Canary Threat Detection Report
Mac malware, specifically macOS stealers, ran rampant throughout 2024, until Apple remediated Gatekeeper bypassing from macOS Sequoia.
redcanary.com
March 18, 2025 at 5:16 PM
Reposted by Brandon Dalton
A fun yearly endeavor for me is contributing to the Red Canary Threat Detection Report, and the 2025 edition is out today! distilled into one report!

Get your free copy of our 2025 Threat Detection Report now. ⬇️
#ThreatReport #SecOps #ThreatIntel
redcanary.com/threat-detec...
Welcome to the Red Canary Threat Detection Report
Our Threat Detection Report takes a close look at the top techniques, threats, and trends to help security teams focus on what matters most.
redcanary.com
March 18, 2025 at 3:55 PM
The team found some new XCSSET behaviors to further infect additional Xcode projects / maintain persistence!
www.microsoft.com/en-us/securi...
New XCSSET malware adds new obfuscation, persistence techniques to infect Xcode projects | Microsoft Security Blog
Microsoft Threat Intelligence has uncovered a new variant of XCSSET, a sophisticated modular macOS malware that infects Xcode projects, in the wild. Its first known variant since 2022, this latest XCS...
www.microsoft.com
March 11, 2025 at 6:29 PM
Reposted by Brandon Dalton
Today we released a new version of the macOS Security Compliance Project (mSCP). All the published Apple Intelligence controls for macOS/iOS/iPadOS included. Also, DISA STIG v1r1 for macOS Sequoia and BSI indigo for iOS/iPadOS 18. #mscp #macOS #ios #compliance
Release Sequoia Guidance Revision 1.1 · usnistgov/macos_security
Included in this release are updated guidance documents (HTML, PDF, XLS, SCAP) for the NIST SP 800-53r5 Low, Moderate, and High, NIST 800-171r3, DISA STIG, CNSSI-1253 Low, Moderate, and High, CMMC ...
github.com
December 16, 2024 at 5:56 PM
Reposted by Brandon Dalton
📣I’m happy to announce that I’m planning to write a brand new “macOS Vulnerability Research” training. 🥳

Considering the amount of work the writing requires it will be available late 2025 or early 2026. It will be Live class only, and likely only once or twice a year.
December 9, 2024 at 12:00 PM
Shout-out to the incredible Huntress crew for the special T-shirt 🏝️ and a killer #OBTS presentation by @stuartjash.bsky.social and @re.wtf!
December 7, 2024 at 7:02 PM
Extremely excited to be giving a talk titled "Mac, Wheres My Bootstrap" tomorrow at #OBTS with @theevilbit.bsky.social! Join us live on YouTube or in-person at 2:40pm HST / 7:40pm EST. We'll be dropping a tool you can walk away with :)
December 5, 2024 at 7:34 PM
Reposted by Brandon Dalton
All the recordings from #r2con2024. 🤩 🙌

radare.org/con/2024/
radare.org
November 17, 2024 at 3:41 PM