Blog
-

EDR Evasion with Lesser-Known Languages & macOS APIs
How macOS malware written in lesser-known languages evades EDRs by exploiting gaps in static analysis, API hooking, and limited telemetry.
-

Code Obfuscation Techniques on macOS: Beyond Packers
Explore advanced code obfuscation techniques used on macOS, beyond packers, and their role in offensive and defensive ops.
-

Why Packers are Rare and Sus on macOS
Why third-party executable packers are rare on macOS, how they conflict with Apple’s security model, and why their presence signals yikes.
-

Signature-based Analysis for Reversing
Reversing Apple’s OS components often involves a hybrid approach: using whatever OSS is available, alongside the binaries and signatures.
-

Binary Extraction with Visual Tooling
When source code is unavailable or incomplete, extracting information (“binary extraction”) directly from binaries is the main way forward.
-

macOS Reversing: Bridging Source and Binary with Open Source as a Guide
macOS reversing with open source – a rant, guide, and attempt at documenting some of my learnings in reverse engineering.
-

Unlocking macOS Internals: A Beginner’s Guide to Apple’s Open Source Code
An introduction to macOS internals and Apple’s open-source ecosystem, explaining how researchers can study shared macOS/iOS components like the XNU kernel for security and reverse engineering. It also highlights the challenges of Apple’s delayed, incomplete, and difficult-to-build OSS releases.
-

CFI with Clang, macOS, and Clang on macOS
CFI strengthens system security by preventing me from hijacking a program’s control flow. Covers Clang, macOS, and Clang on macOS!
-

The Anatomy of a Mach-O: Structure, Code Signing, and PAC
The Mach Object (Mach-O) is the binary format used on Apple’s operating systems for executables, libraries, and object code.