Share this page!

Enter URL or ID to Unroll

You can paste full URL like: https://x.com/threadreaderapp/status/1644127596119195649
or just the ID like: 1644127596119195649

How to get URL link on X (Twitter) App

  1. On the Twitter thread, click on or icon on the bottom
  2. Click again on or Share Via icon
  3. Click on Copy Link to Tweet
  4. Paste it above and click "Unroll Thread"!
  5. More info at Twitter Help
Objective-See Foundation Profile picture
@objective_see
May 2, 2022 β€’ 9 tweets β€’ 12 min read β€’ Read on X
"Objective by the Sea" the Mac Security Conference, is back for v5.0!! 😍πŸ₯³ #OBTS

πŸ“ Spain (near Barcelona)
πŸ§‘πŸ»β€πŸ’» Trainings: Oct 3rd - 5th
πŸ§‘πŸ»β€πŸ« Presentations: Oct 6th - 7th

Submit a talk or register today:
objectivebythesea.org/v5/index.html

...we can't wait to see y'all in sunny Spain! πŸ‡ͺπŸ‡Έ
#OBTS v5.0 will be held at the lovely Le MΓ©ridien Ra Beach Hotel & Spa.

Only ~30 minutes south of Barcelona, the venue is located right on the sunny Mediterranean Sea β˜€οΈπŸŒ΄

We've negotiated a discounted group rate, so book thru the conference site: objectivebythesea.org/v5/location.ht…
We're also stoked to offer new and expanded (3-day) trainings at #OBTS v5.0:

Training 0x1: "The Art of Mac Malware: Detection & Analysis" by @patrickwardle

Training 0x2: "Arm Reverse Engineering & Exploitation" by @Fox0x01 🦊

For more info/to sign up:
objectivebythesea.org/v5/trainings.h…
We'd be stoked if you wanted to speak at #OBTS v5.0

Submit a talk via our via our CFP: objectivebythesea.org/v5/cfp.html

ℹ️ Note that talks are scoped to Apple security topics, such as:
βš™οΈ OS internals
🦠 Malware analysis
πŸ› οΈ Tool making & breaking
πŸ› Bug discovery & exploitation
The conference CFP is now closed πŸ™…πŸ»β€β™‚οΈ

Mahalo for the many many quality CFP submissions, which the CFP committee is now busily reviewing.

The selected talks for #OBTS v5.0, will be announced shortly! πŸ€—
ℹ️ All three trainings at #OBTS v5.0 (taught by @Fox0x01, @jbradley89, & @patrickwardle) are now sold out. Thanks to everybody who signed up! πŸ€—

(Did you know the Objective-See Foundation covers training costs (rooms, etc) while trainers keep 100% of the training proceeds!?) πŸ˜‡
Just announced: the talks for #OBTS v5.0: objectivebythesea.org/v5/talks.html

...and this year's lineup is beyond stacked! πŸ€―πŸ€—
Beyond stoked on talks from @i41nbeer, @luca_nagy_, @LinusHenze, @coolestcatiknow, @daankeuper, @xnyhps, @malwarezoo, @jbradley89, @kristindelrosso, @_michaelepping, @markmorow, @sharvil, @stuartjash
@i41nbeer @luca_nagy_ @LinusHenze @coolestcatiknow @daankeuper @xnyhps @malwarezoo @jbradley89 @kristindelrosso @_michaelepping @markmorow @sharvil @stuartjash Beyond stoked on talks from (cont.) @thomasareed, @mattbenyo, @_r3ggi, @cedowens, @xorrior, @x71n3, @theevilbit, @mcarmanize, @its_a_feature_, @Helthydriver, & @patrickwardle πŸ”₯πŸ”₯πŸ”₯

β€’ β€’ β€’

Missing some Tweet in this thread? You can try to force a refresh
γ€€

Keep Current with Objective-See Foundation

Objective-See Foundation Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @objective_see

Objective-See Foundation Profile picture
Jan 26, 2022
πŸ‘Ύ New Blog Post: Analyzing OSX.DazzleSpy

Discovered by @ESET, DazzleSpy is a fully-featured cyber-espionage macOS implant, installed via a remote Safari exploit ☠️

The targets?
Pro-democracy supporters in Hong Kong.

Read: Analyzing OSX.DazzleSpy
objective-see.com/blog/blog_0x6D…
@ESET's blog post (written by @marc_etienne_ & @cherepanov74) on DazzleSpy is a must read!

...especially for details on the Safari exploit used to remotely deliver the malware! πŸŽπŸ›

welivesecurity.com/2022/01/25/wat…
If you want to play along, we've also uploaded a DazzleSpy sample to our public macOS malware collection. #SharingIsCaring

πŸ‘Ύ objective-see.com/downloads/malw… (pw: infect3d)
Read 4 tweets
Objective-See Foundation Profile picture
Dec 22, 2021
⚠️ In macOS 12 (beta 6), Apple patched an intriguing flaw. Discovered by Gordon Long (@ethicalhax), CVE-2021-30853 allowed attackers to bypass:

▫️Gatekeeper
▫️Notarization
▫️File Quarantine

Interested in exactly how?

Read: "Where's the Interpreter!?"
objective-see.com/blog/blog_0x6A…
In short, unsigned, non-notarized script-based applications would be allowed if their script did *not* specify an interpreter! 🀯🀣

Meaning attackers could trivially bypass a myriad of foundational macOS security mechanisms via:

#!
<any malicious commands>
The issue begins in user-mode, where xpcproxy invokes posix_spawnp to launch the interpreter-less script-based application.

This initially errors out (no interpreter β†’ ENOEXEC), but then posix_spawnp "recovers" and (re)executes the script ...this time directly via /bin/sh:
Read 5 tweets
Objective-See Foundation Profile picture
Nov 11, 2021
Google uncovered a sophisticated attack that leveraged both iOS & macOS exploits (n-/0-days) to infect Apple users! πŸ‘€

Interested in a triage of the macOS implant (named OSX.CDDS), including:
▫️ Installation
▫️ Persistence
▫️ Capabilities

πŸ“ Have a read:
objective-see.com/blog/blog_0x69…
Of course, we're sharing a sample (as always) + the binaries/modules dropped by the implant πŸ˜‡ #SharingIsCaring

πŸ‘Ύ Download: objective-see.com/downloads/malw… (pw: infect3d)
Also be sure to also read:

1️⃣ Google's Threat Analysis Group (TAG) authoritative analysis on the attack/exploits: blog.google/threat-analysi…

2️⃣ @lorenzofb's excellent writeup
vice.com/en/article/93b…

πŸ“πŸ™ŒπŸ½
Read 5 tweets
Objective-See Foundation Profile picture
Sep 15, 2021
⚠️ A new malware campaign is targeting Mac users via sponsored search results & poisoned installers.

πŸ“ Blog post analyzes stealthy trojanization mechanism, 2nd & 3rd stage payloads, and more!

+ samples! πŸ˜‡

Read:
objective-see.com/blog/blog_0x66…

H/T @CodeColorist for discovery! πŸ™
Original discovery: zhuanlan.zhihu.com/p/408746101 πŸ™Œ
...and (as always?) LuLu has got you covered 😍 Image
Read 4 tweets
Objective-See Foundation Profile picture
May 17, 2021
[ #OBTS News ]

Objective by the Sea v4.0 (2021):
objectivebythesea.com/v4/

πŸ‘¨β€πŸ« Training: 09/28 - 09/29
πŸ’¬ Presentations: 09/30 - 10/01

πŸ“ Location: Maui, Hawaii, USA

Can't wait to see y'all in lovely Maui!! β˜€οΈπŸŒ΄
...more details (venue, registration, etc.) soon!
#OBTS v4.0 Call For Papers now open!

Themes of interest are 🍎-security topics, such as:
βš™οΈ OS internals
🦠 Malware analysis
πŸ› οΈ Tool making & breaking
πŸ› Bug discovery & exploitation

CFP details: objectivebythesea.com/v4/cfp.html
We've selected the newly remodeled beachside Westin Resort & Spa, in Ka'anapali Maui to host #OBTS v4.0πŸ–οΈ 😎

We've also secured a block of rooms at a massively discounted group rate. These will sell out, so don't wait (too long)!

More info / to book: objectivebythesea.com/v4/attending.h… ImageImageImageImage
Read 7 tweets
Objective-See Foundation Profile picture
Apr 26, 2021
A massive bug, affecting all recent versions of macOS was actively exploited as an 0day by malware πŸ‘ΎπŸŽ

Read our blog post, #100
"All Your Macs Are Belong To Us"
objective-see.com/blog/blog_0x64…
PoC.gif πŸ”₯
The majority of Mac infections are "user-assisted", which Apple combats via:
βœ…Notarization
βœ…Gatekeeper
βœ…File Quarantine
...these have proven problematic for attackers

But oops, this bug sidesteps all, allowing unsigned (unnotarized) items to be launched ...with no alerts!😭
Read 9 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

Send Email!

:(