Patrick Wardle (@patrickwardle)'s Twitter Profile
Patrick Wardle

@patrickwardle

🛠 🍎 👾 Objective-See'ing & DoubleYou'ing

ID: 2149490797

https://objective-see.org

22-10-2013 18:11:30

9,9K Tweet

40,40K Followers

972 Following

Stuart Ashenbrenner 🇺🇸 🇨🇦 (@stuartjash)

Super excited to be speaking at #obts with the incredible alden this year. What an absolutely stellar lineup. I can’t believe I get to share the stage with so many legendary people in the macOS security community 🥹

Greg Lesnewich (@greglesnewich)

Catch me and jacob ☕🦆⌨️ at #OBTS talking about DPRK 🇰🇵 (and other APT 🇨🇳 🇷🇺 🇮🇷 🏴‍☠️ ) malware for MacOS, how we tested some methods of clustering compiled Machos, and how Jacob then implemented them into YARA-X 👾🔬 Stoked to be a part of such a great line up!

Xiu (@osint_barbie)

Samples in the article are known and detected, but now we can see attributions to the #Cthulhu team cadosecurity.com/blog/from-the-…

volatility (@volatility)

The next speaker in our #FTSCon lineup: Mikhail Sosonkin (Mikhail Sosonkin) will present “Heuristically Detecting Modern macOS Malware” in the MAKER track! Register for From The Source, hosted by volatility, here: events.humanitix.com/from-the-sourc… More speaker announcements are coming! #dfir

clearbluejar (@clearbluejar)

Stoked (can I say that?) and humbled to be included in the Objective by the Sea #OBTS v7 speaker line up this year! I'm looking forward to meeting several Apple Security giants and making a first time trip out to the islands. 🤙😎🌴🏄‍♂️ objectivebythesea.org/v7/talks.html

Jaron Bradley (@jbradley89)

Join us at the Objective by the Sea conference where I'll be talking about how our team has been working on some new and intuitive ways of analyzing and categorizing macOS malware using data science and 3D visualization! Also, it's Hawaii

Alex Kleber a.k.a Privacy 1st (@privacyis1st)

The developer behind Banshee macOS Stealer just announced that a new update is in the works! They’re calling on all users to provide feedback on any new features they’d like to see added. Got ideas? Now’s your chance to shape the future of Banshee! 🤣🤣🤣🤣🤣 Patrick Wardle

Federico Kirschbaum (@fede_k)

Feeling nostalgic of saying this: This year Ekoparty | Hacking everything turns 20. Beyond our wildest thoughts we would come this far. Always amazed and grateful with the amazing community and supporters for this journey. It’s the last week of the CFP, make it happen ✨🏴‍☠️ sessionize.com/ekoparty-secur…

Moonlock Lab (@moonlock_lab)

1/3: Recently, we analyzed a cracked macOS app that turned out to be a loader for a #macOS #stealer. The .dmg file contains a Mach-O binary that uses base64-decoded commands to download additional payload from a remote server megantic[.]online and run it.

Moonlock Lab (@moonlock_lab)

3/3: We found one more #macOS #loader on VT with the same script, but no file path errors.  It also sets execute permissions using chmod and clears the com.apple.quarantine attribute with xattr -cr to prevent Gatekeeper from flagging the file as potentially harmful.

Jaron Bradley (@jbradley89)

TrueTree 0.8 is out. Its primary difference is that when displaying the tree, it will attempt to use other pids only if the parent process of that given process id is launchd. You also now have the ability to display only the process name with --nopath github.com/themittenmac/T…

Objective-See Foundation (@objective_see)

Just updated our public macOS malware collection (github.com/Objective-see/…) with samples of recent malware such as: HZ_RAT, RustDoor, Cthulhu (Stealer) & more! 🍎👾 #SharingIsCaring ℹ️Password for all samples: infect3d ...and if we're missing any samples, let us know! 🙏🏽

DefSecSentinel (@defsecsentinel)

Another #macos #dropper #loader sample similar to a previous one I analyzed that downloads and executes an #infostealer which then collects and exfiltrates sensitive data. Let's take a look in detail at the entire execution chain with Elastic's 'Process Analyzer View' and

Xiu (@osint_barbie)

I am honored to take part in this great event with outstanding speakers. You might not know this, but MacPaw has an incredible office and a beautiful space for such events. So see you there in October!😍

Objective-See Foundation (@objective_see)

We're passionate about empowering students & those interested in🍎-security, thru our free "Objective for the We" talks & trainings! With support from MacPaw’s Moonlock & CleanMyMac, stoked to announce #OFTW v2 (Oct 10-11, in Kyiv 🇺🇦) Info/Sign up: objective-see.org/oftw/v2.html