
Doc Dave
@forensicdave
IR, Forensics, Security, MTB'ing!
ID: 74550574
15-09-2009 20:45:06
281 Tweet
494 Followers
956 Following

Christine (christine 🌸💐🌺🌷🌹🪻🍃🌱🌿🪴✨) from #Microsoft and Bill (Bill Marczak) from Proofpoint/#CitizenLab at #OBTS7 talking about #CarmineTsunami aka #QuaDream they discovered and collab'd on to reverse - Great talk and work!! See a great writeup: citizenlab.ca/2023/04/spywar…


Maddie (Madeleine Albright-s-1a547811b) and Suweera (Suweera DeSouza) from #CrowdStrike at #OBTS7 - sharing #OSX Stealer campaigns CS has seen targeting OSX - AMOS (spycloud.com/blog/reverse-e… & sentinelone.com/blog/from-amos… ) and Cuckoo kandji.io/blog/malware-c…



Lukas (Lukas Arnold) talked at #OBTS7 on super kool cellular baseband reversing work - check out some tools they released BaseTrace / github.com/seemoo-lab/Bas… and CellGuard / github.com/seemoo-lab/Cel… - go forth & uncover rogue cellular base stations trying to target your iPhone!



John (clearbluejar) - Security Researcher at clearseclabs - showed his passion at #OBTS7 for downloading the latest osx updates to work out exactly what is being patched by each update. Some super uses of ghidra including John's tool clearbluejar.github.io/posts/ghidriff…




Laurie Kirk (LaurieWired) released a new tool at #OBTS - a brand-new, open-source iOS decompiler! Legend!! Check it out! github.com/LaurieWired/Ma…


Mickey Jin, (Mickey Jin), legendary Independent Security Researcher with > *220* CVEs - is back at #OBTS7! - Mickey deep-dived into an interesting vulnerability in PackageKit that allows bypassing of TCC and SIP that #Apple has released 7 (and counting) patches to try and fix!




Aloha Trendsetters!! If you’re lucky enough to be here in magical #Maui then hopefully you can be at #OBTS7 in person - another magic day! If you squint - you can make out Patrick Wardle and Andy Rozenberg preparing for a hard conference day's work! Streaming: youtube.com/watch?v=Nm0zLW…


At #OBTS7, Aleksandar (Aleks ) from Cisco Talos Intelligence Group dived into the likely initial access compromise of Kaspersky in 2023 - a daring piece of work! A PDF was delivered that exploited a TrueType font vuln, #CVE-2023-41990; there's a great watch on the tube: youtube.com/watch?v=1f6YyH…


At #OBTS Mykola Grymalyuk (Mykola Grymalyuk) delved into Apple's Rapid Security Response (RSR) & 'Cryptex' system - what happened/changed ( bleepingcomputer.com/news/security/…) - and where Apple's since been secretly deploying RSRs to the public. Check out his talk khronokernel.com/macos/2024/12/…


Kinga Kieczkowska ([email protected] 🇺🇦) gave a great overview of iPhone backup forensics at #OBTS - this is very useful for rapid triage (as opposed to a full physical acquisition - you might find these backups 'lying around' on host/cloud). Check out github.com/abrignoni/iLEA… !


Jacob (@jacoblatonis) & Greg (Greg Lesnewich) from @Proofpoint talked at #OBTS about the very exciting release of YARA-X & how they built a Mach-O parser in Rust!! Shoutout to Gen Threat Labs / Tomáš Ďuriš for their work too! Now in prod for VirusTotal! virustotal.github.io/yara-x/blog/vi…


Colson (@defsecsentinel) spoke at #OBTS, on techniques used to work around OSX security controls, and Elastic's innovations in behaviour detections to inflict maximum adversary cost. (See github.com/elastic/protec…) Also talked about attacks using JXA (see posts.specterops.io/persistent-jxa…).



Marcio Almeida (Márcio Almeida) from Tanto Security spoke at #OBTS about a vulnerability he discovered in Shortcuts - CVE-2024-40834 - that can bypass OSX security controls. Seems Shortcuts has a massive attack surface - the main defense ‘relies’ on a user to NOT click accept!
