Free open-source macOS security tools 🍎 Solely created by: @patrickwardle https://t.co/tuGceRWp4u 🙏
May 2, 2022 9 tweets 12 min read
"Objective by the Sea" the Mac Security Conference, is back for v5.0!! 😍🥳 #OBTS

📍 Spain (near Barcelona)
🧑🏻‍💻 Trainings: Oct 3rd - 5th
🧑🏻‍🏫 Presentations: Oct 6th - 7th

Submit a talk or register today:
objectivebythesea.org/v5/index.html

...we can't wait to see y'all in sunny Spain! 🇪🇸 #OBTS v5.0 will be held at the lovely Le Méridien Ra Beach Hotel & Spa.

Only ~30 minutes south of Barcelona, the venue is located right on the sunny Mediterranean Sea ☀️🌴

We've negotiated a discounted group rate, so book thru the conference site: objectivebythesea.org/v5/location.ht…
Jan 26, 2022 4 tweets 4 min read
👾 New Blog Post: Analyzing OSX.DazzleSpy

Discovered by @ESET, DazzleSpy is a fully-featured cyber-espionage macOS implant, installed via a remote Safari exploit ☠️

The targets?
Pro-democracy supporters in Hong Kong.

Read: Analyzing OSX.DazzleSpy
objective-see.com/blog/blog_0x6D…

@ESET's blog post (written by @marc_etienne_ & @cherepanov74) on DazzleSpy is a must read!

...especially for details on the Safari exploit used to remotely deliver the malware! 🍎🐛

welivesecurity.com/2022/01/25/wat…
Dec 22, 2021 5 tweets 3 min read
⚠️ In macOS 12 (beta 6), Apple patched an intriguing flaw. Discovered by Gordon Long (@ethicalhax), CVE-2021-30853 allowed attackers to bypass:

▫️Gatekeeper
▫️Notarization
▫️File Quarantine

Interested in exactly how?

Read: "Where's the Interpreter!?"
objective-see.com/blog/blog_0x6A…

In short, unsigned, non-notarized script-based applications would be allowed if their script did *not* specify an interpreter! 🤯🤣

Meaning attackers could trivially bypass a myriad of foundational macOS security mechanisms via:

#!
<any malicious commands>
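A defender-side check for the condition described above, added here as an example (not Objective-See's code, and not part of the original thread): it reads a bundle's Info.plist, locates the main executable, and reports whether it is a native binary, a script with an interpreter, or a script whose shebang names no interpreter at all. The helper names (`shebang_interpreter`, `audit_bundle`, `make_bundle`, `demo`) and the on-disk fixtures are constructed for this example.

```python
import os
import plistlib
import tempfile

def shebang_interpreter(data: bytes):
    """Return (has_shebang, interpreter) for a file's leading bytes.
    interpreter is '' when the '#!' line names nothing (the CVE-2021-30853 case)."""
    if not data.startswith(b"#!"):
        return False, None
    first_line = data.split(b"\n", 1)[0][2:].strip()
    interp = first_line.split()[0].decode(errors="replace") if first_line else ""
    return True, interp

def audit_bundle(bundle_path: str) -> str:
    """Classify a .app bundle's main executable (CFBundleExecutable):
    'native', 'script', 'script-no-interpreter', or 'missing'."""
    info = os.path.join(bundle_path, "Contents", "Info.plist")
    with open(info, "rb") as f:
        exe_name = plistlib.load(f).get("CFBundleExecutable")
    exe = os.path.join(bundle_path, "Contents", "MacOS", exe_name or "")
    if not exe_name or not os.path.isfile(exe):
        return "missing"
    with open(exe, "rb") as f:
        head = f.read(4096)          # the shebang line is always at the start
    has_shebang, interp = shebang_interpreter(head)
    if not has_shebang:
        return "native"
    return "script" if interp else "script-no-interpreter"

def make_bundle(root: str, name: str, exe_bytes: bytes) -> str:
    """Constructed fixture: write a minimal .app with the given main executable."""
    app = os.path.join(root, name + ".app")
    os.makedirs(os.path.join(app, "Contents", "MacOS"))
    with open(os.path.join(app, "Contents", "Info.plist"), "wb") as f:
        plistlib.dump({"CFBundleExecutable": name}, f)
    with open(os.path.join(app, "Contents", "MacOS", name), "wb") as f:
        f.write(exe_bytes)
    return app

def demo() -> dict:
    """Audit three constructed bundles: a normal shell script, a bare '#!' script,
    and a (truncated) Mach-O header standing in for a native binary."""
    fixtures = {"Good": b"#!/bin/sh\necho hi\n",
                "Bare": b"#!\necho hi\n",
                "Mach": b"\xcf\xfa\xed\xfe" + b"\x00" * 12}
    with tempfile.TemporaryDirectory() as tmp:
        return {n: audit_bundle(make_bundle(tmp, n, b)) for n, b in fixtures.items()}

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}.app: {verdict}")
```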
Nov 11, 2021 5 tweets 3 min read
Google uncovered a sophisticated attack that leveraged both iOS & macOS exploits (n-/0-days) to infect Apple users! 👀

Interested in a triage of the macOS implant (named OSX.CDDS), including:
▫️ Installation
▫️ Persistence
▫️ Capabilities

📝 Have a read:
objective-see.com/blog/blog_0x69…

Of course, we're sharing a sample (as always) + the binaries/modules dropped by the implant 😇 #SharingIsCaring

👾 Download: objective-see.com/downloads/malw… (pw: infect3d)
Sep 15, 2021 4 tweets 2 min read
⚠️ A new malware campaign is targeting Mac users via sponsored search results & poisoned installers.

📝 Blog post analyzes stealthy trojanization mechanism, 2nd & 3rd stage payloads, and more!

+ samples! 😇

Read:
objective-see.com/blog/blog_0x66…

H/T @CodeColorist for discovery! 🙏

Original discovery: zhuanlan.zhihu.com/p/408746101 🙌
May 17, 2021 7 tweets 4 min read
[ #OBTS News ]

Objective by the Sea v4.0 (2021):
objectivebythesea.com/v4/

👨‍🏫 Training: 09/28 - 09/29
💬 Presentations: 09/30 - 10/01

📍 Location: Maui, Hawaii, USA

Can't wait to see y'all in lovely Maui!! ☀️🌴
...more details (venue, registration, etc.) soon!

#OBTS v4.0 Call For Papers now open!

Themes of interest are 🍎-security topics, such as:
⚙️ OS internals
🦠 Malware analysis
🛠️ Tool making & breaking
🐛 Bug discovery & exploitation

CFP details: objectivebythesea.com/v4/cfp.html
Apr 26, 2021 9 tweets 5 min read
A massive bug, affecting all recent versions of macOS was actively exploited as an 0day by malware 👾🍎

Read our blog post, #100
"All Your Macs Are Belong To Us"
objective-see.com/blog/blog_0x64…

PoC 🔥
Mar 19, 2021 6 tweets 3 min read
Today, @SentinelOne published a report on "XcodeSpy", a new macOS malware specimen. 🍎👾

📝 "New macOS malware XcodeSpy Targets Xcode Developers": labs.sentinelone.com/new-macos-malw…

Q: Can our free open-source tools protect you ...with no a priori knowledge of this insidious threat? When the malicious script in the infected Xcode project is executed and attempts to connect to the attacker's remote C&C server for tasking (via /bin/bash), LuLu will intercept this, and alert you: