Objective-See Foundation (@objective_see)'s Twitter Profile
Objective-See Foundation

@objective_see

🍎 🛡️
🛠️ Open-Source Tools
📚 "The Art of Mac Malware" books
🫂 "Objective by the Sea" conference

Support us on patreon.com/objective_see 🙏

ID: 401009490

Link: http://objective-see.org
Joined: 29-10-2011 22:28:39

4,4K Tweets

18,18K Followers

1 Following

Patrick Wardle (@patrickwardle):

Haven't found a clear answer, but lldb's "target.process.follow-fork-mode child" on macOS is broken, ya?

(ChatGPT concurs, esp. when Rosetta comes into play).

Here we can see that after fork() is executed
....we're still in the parent (RAX is the pid of the child process) 😣

Patrick Wardle (@patrickwardle):

We're looking to fill the final trainer slot for a free (half- or full-day) workshop at our next #OFTW event! 

🗓️ Date: July 24th
📍 Location: London
💻 Topics: beginner-friendly cybersecurity (ideally Apple-related).

Interested? DM me or email oftw@objective-see.com 🙏🏽

Patrick Wardle (@patrickwardle):

Security & Usability are often (unfortunately) at odds with each other. Here's a (hilarious) example: 

Apparently: "if you send an audio message (via iMsg) that includes “Dave and Buster's” the message will never be received" 👀 

...cuz of BlastDoor 😂

rambo.codes/posts/2025-05-…

Objective-See Foundation (@objective_see):

Stoked to announce #OFTW v3.0 🥳 This *free* student-centric event provides 🍏 trainings & talks! 📍 London 🗓️ July 24-25th Note: Due to limited space you must apply to attend ℹ️More info/apply: objective-see.org/oftw/v3.html Mahalo to Kandji for supporting this event!

Marcelo Rivero (@marcelorivero):

#Cthulhu Stealer for #macOS 🐙 — nothing new under the hood, just repacked.

🧱 Wails-based  
🧪 No code changes — same steal logic  
🌐 C2: 89[.]208.103[.]185  
🧬 #AMOS DNA all over it  
📦 Dropped at:  
/Users/Shared/NW/[CH]Cthulhu_Mac_OS_[date].zip

🔗 x.com/malwrhuntertea…

Moonlock Lab (@moonlock_lab):

1/4: Moonlock Lab team notifies about an ongoing campaign involving #Odyssey #macOS #stealer and others utilizing Gatekeeper bypass. Started in early May and has been going on until today. Our analytics system has noticed an anomalous increase in observed samples among our users.

Luke Roberts (@rookuu_):

This is going to be a lot of fun! 🍎 I'll be talking about macOS tradecraft and internal red teaming more generally. Attendance is completely free and gives access to the talks and trainings. If you're a student or are starting your career in security, check it out! 🤙

Patrick Wardle (@patrickwardle):

New from Lorenzo Franceschi-Bicchierai, confirmation that the advanced cross-platform cyberespionage backdoor 'Careto' was (as long suspected?) run by Spain 🇪🇸👀 Read: "Mysterious hacking group Careto was run by the Spanish government": techcrunch.com/2025/05/23/mys…

Patrick Wardle (@patrickwardle):

In 2016 I took a look at the macOS variant ...which you can find in Objective-See Foundation's public macOS malware repository: github.com/Objective-see/…

#SharingIsCaring

Objective-See Foundation (@objective_see):

Trainings for #OBTS v8 are already starting to sell out! 

So if you're planning to take a training, now's the time to grab your spot ⏳

View & sign up:
objectivebythesea.org/v8/trainings.h…

Patrick Wardle (@patrickwardle):

Stoked to be hosting an introductory macOS malware analysis workshop at the "Malware Village" at DEF CON! 👨🏻‍🏫🍏🐛👾 #defcon33 Space is limited, so if you're interested (and want some free books too!), apply via the Malware Village form: forms.gle/Ruy7FyCe8fcHdh…

Objective-See Foundation (@objective_see):

Not only is Huntress a generous supporter of our Foundation, they also consistently publish top-notch research on emerging macOS threats 🤩 Their latest (by alden & Stuart Ashenbrenner 🇺🇸 🇨🇦): "Feeling Blue(Noroff): Inside a Sophisticated DPRK Web3 Intrusion": huntress.com/blog/inside-bl…

Patrick Wardle (@patrickwardle):

⏳ Just one week left to submit your talk to #OBTS v8 objectivebythesea.org/v8/cfp.html (CFP closes June 30th). We’ve expanded to 3 days of talks this year, making room for even more cutting-edge research + first-time speakers. So submit your Apple security-themed proposal today!

Objective-See Foundation (@objective_see):

Stoked Fleet (fleetdm.com) has joined our "Friends of Objective-See" as a Platinum-tier supporter! 💎 Their support ensures our: 🛠️ open-source tools 📚 free #TAOMM book(s) 🤗 community-driven #OBTS & #OFTW conferences ...will all continue to thrive and grow!