Patrick Wardle
@patrickwardle
🛠 🍎 👾 Objective-See'ing & DoubleYou'ing
Maui, HI
objective-see.org
Joined October 2013
  • Pinned
    Patrick Wardle
    @patrickwardle
    Apr 25, 2024
    Stoked for the next (ad)venture: "DoubleYou" techcrunch.com/2024/04/25/ex-… Cofounded w/ long-time friend @hexlogic, we're empowering those building security tools for Apple devices 🍎🛡️ And by bootstrapping this venture, our core value of democratizing security remains our focus!
    Ex-NSA hacker and ex-Apple researcher launch startup to protect Apple devices | TechCrunch
    From techcrunch.com
  • Patrick Wardle
    @patrickwardle
    Jul 19, 2024
    I don't do Windows but here are some (initial) details about why the CrowdStrike's CSAgent.sys crashed
    Faulting inst: mov r9d, [r8]
    R8: unmapped address
    ...taken from an array of pointers (held in RAX), index RDX (0x14 * 0x8) holds the invalid memory address
    @_JohnHammond
  • Patrick Wardle
    @patrickwardle
    Nov 14, 2020
    In Big Sur Apple decided to exempt many of its apps from being routed thru the frameworks they now require 3rd-party firewalls to use (LuLu, Little Snitch, etc.) 🧐 Q: Could this be (ab)used by malware to also bypass such firewalls? 🤔 A: Apparently yes, and trivially so 😬😱😭
  • Patrick Wardle
    @patrickwardle
    Aug 5, 2020
    Excited to announce my new book series: "The Art Of Mac Malware" taomm.org 📚 🆓 100% free online 📝 Peer-reviewed & open for comments When published, proceeds will support our #OBTS conference & charity efforts 😍 #SharingIsCaring
    The Art of Mac Malware
    From taomm.org
  • Patrick Wardle
    @patrickwardle
    Jul 24, 2024
    No surprises here, but @CrowdStrike confirms @taviso's analysis, that the bug was indeed not due to a NULL-pointer dereference 🧠 ...but rather "an out-of-bounds memory read"
    Tavis Ormandy
    @taviso
    Jul 20, 2024
    This strange tweet got >25k retweets. The author sounds confident, and he uses lots of hex and jargon. There are red flags though... like what's up with the DEI stuff, and who says "stack trace dump"? Let's take a closer look... 🧵1/n
  • Patrick Wardle
    @patrickwardle
    Jan 13, 2021
    Omg we did it! 🤩 Thanks to the community feedback (and ya, bad press) Apple decided to remove the ContentFilterExclusionList (in 11.2 beta 2) Means socket filter firewalls (e.g. LuLu) can now comprehensively monitor/block all OS traffic!! Read more:
    Hooray, no more ContentFilterExclusionList | Patrick Wardle
    From patreon.com
  • Patrick Wardle
    @patrickwardle
    Sep 25, 2017
    on High Sierra (unsigned) apps can programmatically dump & exfil keychain (w/ your plaintext passwords)🍎🙈😭 vid: player.vimeo.com/video/235313957 #smh
  • Patrick Wardle
    @patrickwardle
    Jan 6, 2023
    Microsoft's latest ~5000 word "research" blog on Mac ransomware contains zero new research ...yet contains no citations / credit to existing research 😢 See: microsoft.com/en-us/security… Worst, seems pretty close to ripping off "The Art of Mac Malware" book. 😳 What y'all think?
  • Patrick Wardle
    @patrickwardle
    Aug 23, 2020
    Creating an open-source tool for macOS in 2020:
    💻 Buy Mac ($1000+)
    🎟️ Create Apple Dev. Account ($99/yr)
    🏢 Create company (Entitlement pre-req!)
    🤞 Beg for Entitlement(s)
    🎫 Create/Install Signing Profile
    📝 Write code (yay!)
    🔐 Sign w/ Profile
    📦 Notarize w/ Apple
  • Patrick Wardle
    @patrickwardle
    Aug 28, 2017
    found neat design flaw in macOS (incl. High Sierra) that can be abused to locally pop r00t shellz 😈☠️🍎 Hope to discuss @ upcoming con! #0day
  • Patrick Wardle
    @patrickwardle
    Mar 29, 2023
    Ever wondered what it's like writing security tools for macOS? 🤔 As Apple provides no official way to detect what app is using the webcam/mic, OverSight simply monitored the system log. This was (independently) reported to Apple, who decided to assign it a CVE/patch it 🥲🤦🏻‍♂️
  • Patrick Wardle
    @patrickwardle
    Jan 4, 2022
    🍎👾 Just published my annual "Mac Malware of the Year" report, for 2021: objective-see.com/blog/blog_0x6B… An in-depth technical analysis of the year's new Mac malware, covering each: 💉 Infection vector 💾 Persistence mechanism 🛰 Payload and capabilities + samples for download! 🦠
    The Mac Malware of 2021 👾
    From objective-see.org
  • Patrick Wardle
    @patrickwardle
    Oct 20, 2020
    This is true 😭 Previously, a comprehensive macOS firewall could be implemented via a Network Kernel Extension (kext) Apple deprecated kexts, giving us Network Extensions....but apparently (many of) their apps / daemons bypass this filtering mechanism. Are we ok with this!?
  • Patrick Wardle
    @patrickwardle
    Jul 10, 2018
    Apple added code to iOS to appease the Chinese 🇨🇳🤑 ...it contained a remote 'emoji-related' flaw (CVE-2018-4290). Read my latest blog post: "A Remote iOS Bug 🇹🇼" patreon.com/posts/19985285 p.s. if you can read this tweet on your iOS device, you're not vulnerable 🤣