L0Psec
@L0Psec
Father | macOS Security Researcher | RE | arm64 | InfoSec
New RE Video: youtube.com/watch?v=skOsJj… In this video, I reverse engineer a malicious SwiftUI dropper. Swift is fun to RE so I thought it would be a good idea :) Shout out to @txhaflaire for their recent blog post that covers this malware.
🗞️ We couldn't fit our analysis of a new #AMOS #macOS #backdoor into a thread here, so we published a whole article! We appreciate @SANSInstitute, @BleepinComputer, and others for sharing it! Give it a read! moonlock.com/amos-backdoor-…
We were given a live demo of reversing a macOS malware sample and annotating the disassembly to make it all make sense by @L0Psec using @vector35’s Binary Ninja #OFTW
📢 Just dropped: the full #OBTS v8 talk lineup! objectivebythesea.org/v8/talks.html And for the first time we'll have 3 full days of presentations! 🤩 Congrats to the selected speakers and mahalo to all who submitted. With ~100 submissions, selecting the final talks was a daunting task! 😫
Doing a Swift RE talk at #DEFCON33 @MalwareVillage :) Never been to DEFCON before so I’m looking forward to meeting people! #DC33 #MalwareVillage

The Huntress US SOC is looking for some analysts. So if anyone is looking for a role that can be challenging, has malware to play with, and the chance to learn and grow from some awesome people, then take a look at the roles here: lnkd.in/g2aN3hNk.
Check out our new blog post!
🚨 New: @LabsSentinel exposes NimDoor, a novel macOS malware used by DPRK threat actors to target Web3 and crypto 🧪 Bottom line: NimDoor reflects a leap in DPRK’s offensive toolkit, mixing compile-time trickery with native scripting to sidestep traditional defenses. 🧠 What’s…
Fun crossover blog about TA829 (RomCom) & TransferLoader with my ecrime pals it’s got everything: 🛰️ Popped routers for sending phish 📊 ACH on attribution 👾 custom protocols 👽 cool malware 🕵️ crime 🎯 espionage ❔many unanswered questions proofpoint.com/us/blog/threat…
Hello friends. Check out this awesome and unique role that just opened up on my team in SEAR. Wanna secure Apple silicon, ROMs, iBoot, and more? jobs.apple.com/en-us/details/…
⏳ Just one week left to submit your talk to #OBTS v8 objectivebythesea.org/v8/cfp.html (CFP closes June 30th). We’ve expanded to 3 days of talks this year, making room for even more cutting-edge research + first-time speakers. So submit your Apple security-themed proposal today!
Hot on the heels of the research published by @HuntressLabs, hunting for Zoom-themed lures from DPRK's #BlueNoroff 💥Learn hunting techniques 💥Leverage new Validin features and data 💥Full, unredacted indicator list (domains, IPs, hashes) validin.com/blog/zooming_t…
BlueNoroff has been actively targeting victims in the crypto space. On macOS, they've used Script Editor for initial access and are now leveraging Automator to bypass Gatekeeper checks. Here are two lures that cleverly download additional payloads and display a decoy PDF, all via…
As always, another fun read by @birchb0y :) there are some really cool techniques too!
excited bc today @HuntressLabs is releasing our analysis of a gnarly intrusion into a web3 company by the DPRK's BlueNoroff!! 🤠 we've observed 8 new pieces of macOS malware from implants to infostealers! and they're actually good (for once)! huntress.com/blog/inside-bl…
Since I haven't posted any exploit videos in a while, here's a macOS Tahoe LPE. 🐟
Found multiple #Clickfix domains connecting to odyssey1[.]to:3333 AMOS Malware 45[.144.233.192 83[.222.190.250 185.39.206.183 appmacosx[.com financementure[.com appsmacosx[.com macosxapp[.com macosapp-apple[.com macapps-apple[.com macapp-apple[.com republicasiamedia[.com
New RE Video: youtube.com/watch?v=3imRXE… In this video, I analyze a recent DPRK-attributed Mach-O. Not a complicated sample; however, it does highlight some strange function calling which may interfere with static analysis. Enjoy! :)