Macos on cpus.me https://cpus.me/tags/macos/ Recent content in Macos on cpus.me Hugo en-us Thu, 16 Apr 2026 00:00:00 +0000 XProtect and XProtect BehaviorService: previous research https://cpus.me/2026/xprotect-behavior-service/ Thu, 16 Apr 2026 00:00:00 +0000 https://cpus.me/2026/xprotect-behavior-service/ <p>Recently started looking into macOS&rsquo; <code>XProtect</code> and its satellites. There are a few interesting presentations and articles from previous research done in the last years. I mainly want to capture some of the ones that I already went through and found valuable before I publish some of my own findings, learnings and failures.</p> <p>The following two presentations are particularly interesting on what <code>XProtect</code> is and <code>XProtect Remediator</code>:</p> <ul> <li><a href="https://youtu.be/43BIK-e7FBE?si=YWk-pVn_1CZk0kJ2">MDOYVR23 - Stuart Ashenbrenner - (dm)XProtect: Stop, Drop, Shut malware down before it opens up shop </a></li> <li><a href="https://youtu.be/1pJWqtBxb50?si=S6DyzwyJxFvT8SEB">Black Hat USA 2025 | XUnprotect: Reverse Engineering macOS XProtect Remediator </a></li> </ul> <p>I heard about <code>XProtect</code> before, maybe around end of 2024 or so, but never had the interest to research it. But with some of the latest updates related to clipboard pasting and <code>ClickFix</code> campaigns, my interest grew so I started looking into how this works. My own research, so far, for this <code>XProtect</code> feature hasn&rsquo;t uncovered anything new than what is detailed in this high quality research done by <a href="https://objective-see.org/blog/blog_0x87.html">Patrick Wardle</a>.</p> A quick first look at macOS PowerLogs https://cpus.me/2025/macos-powerlogs-1/ Sun, 09 Nov 2025 13:58:41 +0100 https://cpus.me/2025/macos-powerlogs-1/ <h2 id="intro">Intro</h2> <p>Hi there!</p> <p>As I mentioned in my previous post - <a href="https://cpus.me/2025/latest-goodies-10-1/">Latest goodies October #1</a> - there were a few interesting presentations at <a href="https://youtube.com/playlist?list=PLliknDIoYszveXp7vp2RuL5wa-MaxkCzc&amp;si=JBLcCi-Q_SxnHrwB">OBTS v8.0</a> which motivated me to learn more about macOS and *OS platforms. One of the most interesting ones was <a href="https://www.youtube.com/watch?v=dLEZgIwjcPY">Sarah Edwards&rsquo;s - The Power of Powerlogs</a>. All presentations, slides and videos are on <a href="https://objectivebythesea.org/v8/talks.html">OBTS - Talks</a> page. I was aware of macOS&rsquo; powerlogs (most probably from Sarah&rsquo;s blog), however I never spent time investigating them in detail and learning about their structure. This time it seems like a good opportunity to do so.</p>