A new macOS Nova Stealer campaign is riding the AI hype.
Jamf Threat Labs is tracking a GitHub account pushing fake "free Claude" and "ChatGPT trial" repos. Each README walks the victim through pasting a curl | bash one-liner into Terminal — a ClickFix-style spin on the classic drag-to-Terminal trick, dressed up as free AI access.
The payload is an unsigned universal Mach-O. The install command runs xattr -c to strip the quarantine flag and sidestep Gatekeeper before execution. Once running, it behaves like the rest of the Nova Stealer family — modular, crypto-wallet-focused, harvesting sensitive user data.
The novelty isn't the malware — it's wrapping a well-worn macOS technique in an "AI for free" disguise.
IoCs below
#macOS #infostealer #NovaStealer #threatintel
Stoked to announce the #OBTS v9 trainings 🥳
🔗 https://t.co/vMIHMKHGOv
This year we’ve expanded to *six* trainings covering iOS & macOS: malware, threat hunting, reversing, vulnerability research, and more! 🍎🐛👾🔬🛡️
Trainings always sell out, so grab your spot today!
Publishing some of the notes I've amassed over my years in #macOS security. There's lots, so I'm publishing them as I collate them into something structured and readable. My first few are available, and the rest will be as I finish them.
https://t.co/HSjmlGVH5i
We’ve officially launched SpriteTree at the #OBTS conference! A tool used to visualize and interact with Apple Endpoint Security Data. We will do a blog sometime on all the details but you can download pre-built malware captures and load them in for now!
https://t.co/If4TnCzx3R
New Blog Post:
"The LockBit ransomware (kinda) comes for macOS": https://t.co/GjGZZX22dz 🍎🔐
Includes full technical analysis of LockBit's macOS arm64 variant ("locker_Apple_M1_64") + sample for download + heuristic methods of detection 🔥
H/T @malwrhunterteam @vxunderground
Few months after last post on automation, a new chapter.
This time poking around with Jamf Protect, Jamf Pro, webhooks, Python and APIs in an exercise to detect and respond to Gatekeeper being disabled on macOS. https://t.co/DVz5E9lnsi
Objective by the Sea (#OBTS) v6.0 will be held Oct 9ᵗʰ - 13ᵗʰ 2023 🍎🧑🏻‍🏫🧑🏻‍💻🌴☀️
More details (location, CFP, etc.) ...soon
Can't wait to see y'all at the conference! 🥰
At Black Hat this year @jbradley89 spoke about the work our team at @JamfSoftware Threat Labs does to detect and prevent malware on macOS.
featured: research and discoveries by @malwarezoo
https://t.co/9QUYbViyDW
For the 2nd year in a row, I've been honored to present at #jamf #jnuc, the largest gathering of Apple enthusiasts in the world.
Earlier this September live from San Diego and now the recording is available on YouTube.
Get started with Protect API:
https://t.co/V5aDqrLSmj
Tom (@tbridge777) joined us live @ #OBTS v5.0 for a special episode of the @MacAdmPodcast! 🤗
Have a listen, to hear about reasons to come to #OBTS, our focus on the community, details on #OBTS v6.0, and much more! 🎧
https://t.co/4tK9eZJcWh
The Objective-See Foundation (@objective_see) is now registered on @benevity 🥰
See: https://t.co/N6O1E1v6Ng
This means it's now eligible for workplace giving ("employer-matched donations") & grant making programs!
...yes, even if the employer is Apple 😁🍎
#SharingIsCaring