@gergely_kalman If I had $1 for every time you asked me for a write up I could pay you to write my blogs for me. :P
But yeah, one cookin' right now which is a banger.
Congrats on your bounty dude!
@KyleHanslovan@HuntressLabs Unfortunately these bugs are everywhere in macOS. I wrote a tool that finds them at scale https://t.co/iI7VjR7IIE
Unfortunately the bottleneck is actual real telemetry. Working on that research rn ;)
Found a macOS TOCTOU bug while reviewing Apple EDR integrations at @HuntressLabs.
A non-admin user can delete TCC-protected content by hitting the right timing window. Came up unexpectedly during the review, which made it a fun one.
Found some very common adware quietly killing antivirus products. Then we found an unregistered update domain, and anyone with $10 could have pushed any payload to 25,000+ endpoints, AV already disabled.
So we registered it first.
https://t.co/WMSaym7yOu
Big thanks to @_rdowd
Spent some time with Claude this weekend making an Endpoint Security reference for research and development. Checks for the latest SDK, parses the ES headers, and publishes. Includes a dedicated ES change log and telemetry matrix.
https://t.co/b0HZ6IKOpW
You can now build macOS firewalls/network tools via Endpoint Security - no Network Ext. needed! 🤯
Reversing macOS 24.6’s new ES_EVENT_TYPE_RESERVED_* ES events shows some are network auth/notify hooks
Read: “Building a Firewall…via Endpoint Security!?”
https://t.co/gR4t6dPbbr
I teamed up with Ryan Dowd to investigate a fake OpenClaw installer hosted on GitHub. This was also picked up by Bing's AI and recommended as the correct way to install OpenClaw on Windows.
https://t.co/3bFxLeKxzZ
4 new CVEs in the latest Apple update, 2 with @theevilbit and 2 on my own. I will try to do and get writeups out for these, but right now I'm writing material for the training still. This is turning into a book...
Anyway, update your systems!
I'm excited to announce that I'll be speaking at @BSidesSF & @DianaInitiative on how to detect race conditions on macOS! 🌁
Big thanks to Andrew Krug and Adam Messer for supporting my work, and helping me submit to these amazing conferences!
#InfoSec #BSidesSF @DatadogHQ
How it started: "Target Flags are a new security research capability in Apple operating systems that make it easier to objectively demonstrate your findings and determine your award eligibility."
How it's going:
Updated my ransomware PoC to remove the reboot requirement. Full TCC bypass for Tahoe 26.2 chained with a DoS exploit to demo exfiltration of private data and wipe the user's home directory while the user session remains active.
I've been seeing a lot of discussion online recently about the changes to Apple's bug bounty program, specifically the downgrading of payouts for TCC bypass vulnerabilities.
I was recently asked for my thoughts on this matter. I figured the best way to illustrate the importance of supporting research into this class of bug was to demonstrate the real-world impact.
I created a small ransomware PoC with clickfix-esque deployment (since that's what the cool kids are doing nowadays).
No TCC prompts or any other system warnings. It exfils all sensitive user data and deletes the user's home and iCloud data.