Brandon Dalton
@partyd0lphin
Senior Security Researcher at CrowdStrike https://swiftly-detecting.notion.site

91 Followers · 69 Following · 13 Posts · Joined 16.11.2024

Latest posts by Brandon Dalton @partyd0lphin

Sadly no new ES events for macOS 26. There are a few nice event property updates and additions to the process structure though :)

09.06.2025 21:08 👍 4 🔁 1 💬 0 📌 0

Thank you! Cupertino is hoppin' 🎉

09.06.2025 00:46 👍 2 🔁 0 💬 0 📌 0

#WWDC25 🥳

09.06.2025 00:20 👍 2 🔁 0 💬 1 📌 0

Next up is by intercepting the client's call to es_subscribe itself:
- Script: gist.github.com/Brandon7CC/e...
- Documentation: github.com/redcanaryco/...

30.04.2025 15:50 👍 0 🔁 0 💬 0 📌 0
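The es_subscribe interception described in this thread, as an added example (this is not the author's gist, which is only linked above): a Frida script that hooks es_subscribe in libEndpointSecurity.dylib and decodes the es_event_type_t array the client passes, so you can see exactly which events a client registers for and whether any are AUTH (blocking) subscriptions. The decoder is plain JavaScript so the same file also runs in Node on a constructed sample buffer; the event-name table is a partial transcription of the es_event_type_t enum in ESTypes.h (the macOS 10.15 subset) and should be checked against your SDK headers, and the es_subscribe prototype is taken from EndpointSecurity.h.

```javascript
// Added example, not the author's gist: decode the arguments of an
// es_subscribe() call so a Frida hook can report an ES client's subscriptions.
// Prototype from EndpointSecurity.h:
//   es_return_t es_subscribe(es_client_t *client,
//                            const es_event_type_t *events,
//                            uint32_t event_count);
// es_event_type_t is a 32-bit enum. The table below is a partial transcription
// (macOS 10.15 subset, in enum order) of ESTypes.h; values outside it are
// reported numerically. Verify against your own SDK headers.
const ES_EVENT_NAMES = [
  'AUTH_EXEC', 'AUTH_OPEN', 'AUTH_KEXTLOAD', 'AUTH_MMAP', 'AUTH_MPROTECT',
  'AUTH_MOUNT', 'AUTH_RENAME', 'AUTH_SIGNAL', 'NOTIFY_EXEC', 'NOTIFY_OPEN',
  'NOTIFY_FORK', 'NOTIFY_CLOSE', 'NOTIFY_CREATE', 'NOTIFY_EXCHANGEDATA',
  'NOTIFY_EXIT', 'NOTIFY_GET_TASK', 'NOTIFY_KEXTLOAD', 'NOTIFY_KEXTUNLOAD',
  'NOTIFY_LINK', 'NOTIFY_MMAP', 'NOTIFY_MPROTECT', 'NOTIFY_MOUNT',
  'NOTIFY_UNMOUNT', 'NOTIFY_IOKIT_OPEN', 'NOTIFY_RENAME', 'NOTIFY_SETATTRLIST',
  'NOTIFY_SETEXTATTR', 'NOTIFY_SETFLAGS', 'NOTIFY_SETMODE', 'NOTIFY_SETOWNER',
  'NOTIFY_SIGNAL', 'NOTIFY_UNLINK', 'NOTIFY_WRITE',
].map((s) => 'ES_EVENT_TYPE_' + s);

// Decode a raw es_event_type_t[] (ArrayBuffer of little-endian uint32_t).
// Returns the names, any values not in the table, how many entries repeat
// (reported rather than collapsed), and how many are AUTH subscriptions,
// i.e. events the client can block rather than merely observe.
function decodeSubscription(eventBuffer, eventCount) {
  if (eventBuffer.byteLength < eventCount * 4) {
    throw new RangeError('buffer shorter than event_count * sizeof(uint32_t)');
  }
  const view = new DataView(eventBuffer);
  const events = [];
  const unknown = [];
  const seen = new Set();
  let duplicates = 0;
  for (let i = 0; i < eventCount; i++) {
    const value = view.getUint32(i * 4, true);
    if (seen.has(value)) duplicates++;
    seen.add(value);
    const name = ES_EVENT_NAMES[value];
    if (name === undefined) unknown.push(value);
    events.push(name !== undefined ? name : 'ES_EVENT_TYPE_' + value);
  }
  const authCount = events.filter((n) => n.includes('_AUTH_')).length;
  return { count: eventCount, events, unknown, duplicates, authCount };
}

if (typeof Interceptor !== 'undefined') {
  // Frida agent side: these globals only exist inside Frida, not Node.
  const esLib = Process.getModuleByName('libEndpointSecurity.dylib');
  Interceptor.attach(esLib.getExportByName('es_subscribe'), {
    onEnter(args) {
      this.client = args[0];
      const count = args[2].toUInt32();
      const buf = count === 0 ? new ArrayBuffer(0) : args[1].readByteArray(count * 4);
      this.decoded = decodeSubscription(buf, count);
    },
    onLeave(retval) {
      // ES_RETURN_SUCCESS is 0; log the kernel's answer next to the request.
      console.log(JSON.stringify({
        client: this.client.toString(),
        es_return: retval.toInt32(),
        ...this.decoded,
      }));
    },
  });
} else {
  // Stand-alone demo: a constructed event array, not one captured from a client.
  const sample = new Uint32Array([0, 8, 10, 14, 8, 4096]);
  console.log(JSON.stringify(decodeSubscription(sample.buffer, sample.length)));
}
```

Load it into a running client with `frida -n <client process name> -l es_subscribe.js` (any es_subscribe calls made before you attach are missed, which is why the CoreAnalytics approach in the previous post is recommended). Attaching at all assumes the target allows a debugger to attach, which a shipping, hardened-runtime ES client normally does not; this is a research-box technique.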

First up, and recommended, is by hooking the client's CoreAnalytics sendEvent function:
- Script: gist.github.com/Brandon7CC/1...
- Documentation: github.com/redcanaryco/...

30.04.2025 15:49 👍 0 🔁 0 💬 1 📌 0

Wanted to re-share some work from Dec 2023 looking at ES internals w/Frida.
I documented in-detail two variations here to pull event subscriptions w/this method. If you have a go -- let me know! 🧵

30.04.2025 15:48 👍 0 🔁 0 💬 1 📌 0

I'm going to WWDC this year!! A childhood dream is coming true! 🎉 #WWDC25

03.04.2025 23:40 👍 9 🔁 2 💬 1 📌 0

Wow, time flies! Mac Monitor turns two next month 🥳
What began as a passion project of mine has been adopted more widely than I could have imagined.
A huge thank you to all those who supported the project along the way! What are some of your favorite use cases? What do you want to see be added? 🏃‍♂️

31.03.2025 20:15 👍 3 🔁 1 💬 0 📌 0
How a Core Data Attribute's Name Can Lead to Crashes

The other day I was updating one of my favorite Core Data projects…. 😉 and came across this blog that would have saved me a lot of time. alexj.org/11/core-data...

You can’t prefix a property with “new*” because of allocation nuances between ARC and the Core Data stack!

29.03.2025 17:56 👍 0 🔁 0 💬 0 📌 0

Link preview: Mac Malware | Red Canary Threat Detection Report Mac malware, specifically macOS stealers, ran rampant throughout 2024, until Apple remediated Gatekeeper bypassing from macOS Sequoia.

Today Red Canary dropped their 2025 threat detection report! Loved the Mac section
redcanary.com/threat-detec...

18.03.2025 17:16 👍 2 🔁 0 💬 0 📌 0

Link preview: Welcome to the Red Canary Threat Detection Report Our Threat Detection Report takes a close look at the top techniques, threats, and trends to help security teams focus on what matters most.

A fun yearly endeavor for me is contributing to the Red Canary Threat Detection Report, and the 2025 edition is out today! distilled into one report!

Get your free copy of our 2025 Threat Detection Report now. ⬇️
#ThreatReport #SecOps #ThreatIntel
redcanary.com/threat-detec...

18.03.2025 15:55 👍 3 🔁 1 💬 0 📌 0

Link preview: New XCSSET malware adds new obfuscation, persistence techniques to infect Xcode projects | Microsoft Security Blog Microsoft Threat Intelligence has uncovered a new variant of XCSSET, a sophisticated modular macOS malware that infects Xcode projects, in the wild. Its first known variant since 2022, this latest XCS...

The team found some new XCSSET behaviors to further infect additional Xcode projects / maintain persistence!
www.microsoft.com/en-us/securi...

11.03.2025 18:29 👍 3 🔁 3 💬 0 📌 0

Link preview: Release Sequoia Guidance Revision 1.1 · usnistgov/macos_security Included in this release are updated guidance documents (HTML, PDF, XLS, SCAP) for the NIST SP 800-53r5 Low, Moderate, and High, NIST 800-171r3, DISA STIG, CNSSI-1253 Low, Moderate, and High, CMMC ...

Today we released a new version of the macOS Security Compliance Project (mSCP). All the published Apple Intelligence controls for macOS/iOS/iPadOS included. Also, DISA STIG v1r1 for macOS Sequoia and BSI indigo for iOS/iPadOS 18. #mscp #macOS #ios #compliance

16.12.2024 17:56 👍 3 🔁 2 💬 0 📌 0

📣 I’m happy to announce that I’m planning to write a brand new “macOS Vulnerability Research” training. 🥳

Considering the amount of work the writing requires it will be available late 2025 or early 2026. It will be Live class only, and likely only once or twice a year.

09.12.2024 12:00 👍 20 🔁 5 💬 0 📌 0

Shout-out to the incredible Huntress crew for the special T-shirt 🏝️ and a killer #OBTS presentation by @stuartjash.bsky.social and @re.wtf!

07.12.2024 19:02 👍 7 🔁 1 💬 0 📌 0

Extremely excited to be giving a talk titled "Mac, Where's My Bootstrap" tomorrow at #OBTS with @theevilbit.bsky.social! Join us live on YouTube or in-person at 2:40pm HST / 7:40pm EST. We'll be dropping a tool you can walk away with :)

05.12.2024 19:34 👍 9 🔁 3 💬 0 📌 1

All the recordings from #r2con2024. 🤩 🙌

radare.org/con/2024/

17.11.2024 15:41 👍 11 🔁 7 💬 0 📌 0