Blog
-

iBoot stage (main bootloader) security on macOS
How iBoot on Apple Silicon Macs acts as the final secure gate before macOS launches by verifying signed boot assets, enforcing memory and hardware protections, validating the SSV, and making boot-level compromise significantly harder than attacks against the kernel or user space.
-

Low-Level Bootloader (LLB) Security on macOS
Overview of the Apple Silicon Low-Level Bootloader. Explains how LLB verifies firmware and enforces the SEP-signed LocalPolicy and its anti-replay protections.
-

Boot ROM Security on Silicon Macs (M1/M2/M3)
An overview of Apple Silicon Boot ROM security. Explains how SecureROM anchors the boot chain of trust, and the exploits surrounding it.
-

Security & Health: Why I’m Fundraising for Breast Cancer
Two impactful women in my life were diagnosed with cancer, and in their honor, two of these initiatives will support cancer research. The first of these will focus on breast cancer.
-

EDR Evasion with Lesser-Known Languages & macOS APIs
How macOS malware written in lesser-known languages evades EDRs by exploiting gaps in static analysis, API hooking, and limited telemetry.
-

Code Obfuscation Techniques on macOS: Beyond Packers
Explore advanced code obfuscation techniques used on macOS, beyond packers, and their role in offensive and defensive ops.
-

Why Packers are Rare and Sus on macOS
Why third-party executable packers are rare on macOS, how they conflict with Apple’s security model, and why their presence signals yikes.
-

Signature-based Analysis for Reversing
Reversing Apple’s OS components often involves a hybrid approach: using whatever OSS is available, alongside the binaries and signatures.
-

Binary Extraction with Visual Tooling
When source code is unavailable or incomplete, extracting information (“binary extraction”) directly from binaries is the main way forward.