Manish wrote about bypassing macOS EDR in-memory execution detections, and how to catch binaries trying to do just that (hint: yara).

Apple removing kexts really hurt security tools on this platform, and they haven't made up for that loss.

https://rtx.meta.security/post-exploitation/2022/12/19/In-Memory-Execution-in-macOS.html

In-Memory Execution in macOS: the Old and the New

Technical writeups by Meta’s Security folks, including Red Team.

Meta Red Team X
cc Manish @r34p3r welcome to Mastodon 🙂