tsunekoh
@tsunek0h
Security Researcher, macOS, Arm-based Windows, @[email protected]
🎉 My submission for Black Hat USA (@BlackHatEvents #BHUSA) has been accepted! I will talk about reverse engineering results of XProtect Remediator (XPR). XPR doesn’t just scan files using YARA rules and delete malware — it does a lot more! It uses a creative mechanism that…

My dream came true! My submission for #OBTS has been accepted! I’ll be talking about the internals of XProtect Remediator, including its detection logic and the DSL implemented using Swift result builders. To be honest, there are many veteran researchers on the list, so I’m…
📢 Just dropped: the full #OBTS v8 talk lineup! objectivebythesea.org/v8/talks.html And for the first time we'll have 3 full days of presentations! 🤩 Congrats to the selected speakers and mahalo to all who submitted. With ~100 submissions, selecting the final talks was a daunting task! 😫
⏳ Just one week left to submit your talk to #OBTS v8 objectivebythesea.org/v8/cfp.html (CFP closes June 30th). We’ve expanded to 3 days of talks this year, making room for even more cutting-edge research + first-time speakers. So submit your Apple security-themed proposal today!
Think RAM forgets? 🤔 Not always. See how secrets can leak, what mitigations exist on major OS like #macOS, #Windows, #Linux, and what devs can do: afine.com/when-memory-re…
🥰 Thanks for an awesome talk @theevilbit on finding vulnerabilities in Apple packages at scale (using AI) at MDO YVR 2025: youtu.be/NbFZJs62bd8
The slides to my talk "Finding Vulnerabilities in Apple Packages at Scale", which I gave at @MacDevOpsYVR and @securityfest are available on my website: theevilbit.github.io/talks/
Introducing Phorion. A modern EDR platform purpose-built for macOS. Because security teams shouldn’t have to settle for Windows-first tools. 🛡️🍎 🧵
My "Finding Vulnerabilities in Apple Packages at Scale" talk is up on YT 🎉
All talks from #SecurityFest are now published on YouTube for your enjoyment. Grab some popcorn and binge watch! youtube.com/@securityfest
My next book is open for pre-orders!!! I have included the first two chapters in audiobook form for free. You can listen to them now on my website or you can listen and read the sample on Apple Books. Looking forward to getting it into your hands. themittenmac.com/threat-hunting…
Our talk at #BHUSA @BlackHatEvents Briefings has been accepted! This is a presentation on an initiative to make the BIOS usable even after the OS has booted, enabling malbehavior to occur solely within the BIOS, independent of the OS. blackhat.com/us-25/briefing…
We're excited to announce the release of BinjaLattice MCP! With this, you can reverse engineer binaries with Binary Ninja and the power of AI. The full blog can be found here: invokere.com/posts/2025/04/…
Haven’t been able to do vulnerability research for a while, but finally back at it. 2 CVEs and 1 additional recognition. CVE-2025-24204 is simple yet powerful. I'm planning to talk about it somewhere soon (hopefully).



Get unparalleled depth on #Scudo Memory allocator internals - AND a sneak peek at @Morpheus______'s surprise new book - technologeeks.com/blog/Scudo/
Microsoft Threat Intelligence has uncovered a new variant of XCSSET, a sophisticated modular macOS malware that targets users by infecting Xcode projects, in the wild. While we’re only seeing this new XCSSET variant in limited attacks at this time, we’re sharing this information…
When the kernel is sus. CVE-2024-54507 is an XNU bug fixed in macOS 15.2 / iOS 18.2. Enjoy! jprx.io/cve-2024-54507
New Blog Post in 2025: jhftss.github.io/CVE-2024-54527… Tell you more about the AMFI👻
Santa delivered my brand new book: “The Art of Mac Malware Vol II: Detecting Malicious Software” 🍎🛡️🐛👨🏻‍💻📚🥰 Three years in the making(!) this 2nd volume in the TAOMM series covers the heuristic-based detection of macOS malware. Buy direct via @nostarch: nostarch.com/art-mac-malwar…