4 series
Attacking macOS (12 parts)
- [ 2026-03-25 ] macOS Internals: Drawing the Attacker's Map
- [ 2026-04-01 ] Reading Mach-O Binaries: The macOS Reverse Engineering Toolkit
- [ 2026-04-08 ] Writing macOS Shellcode From Scratch: Syscalls, Bind Shells, and the 0x2000000 Trick
- [ 2026-04-15 ] Dylib Injection and Hijacking: Getting Your Code Into Someone Else's Process
- [ 2026-04-22 ] The Mach Microkernel: Injecting Code Through a Task Port
- [ 2026-04-29 ] Function Hooking on macOS: Interposing, Swizzling, and a Stolen KeePass Password
- [ 2026-05-06 ] XPC Attacks: When Privileged Helpers Forget to Ask Who's Calling
- [ 2026-05-13 ] The macOS Sandbox: Profiles, Internals, and Two Escapes
- [ 2026-05-20 ] Bypassing TCC: Three Ways Around macOS Privacy Controls
- [ 2026-05-27 ] Symlink and Hardlink Attacks: Lying to Root About Where Files Live
- [ 2026-06-03 ] Getting Kernel Code Execution: Racing the KEXT Loader
- [ 2026-06-04 ] macOS Penetration Testing: Assembling the Full Chain
Deconstructing macOS Security (4 parts)
- [ 2023-10-26 ] Deconstructing macOS Security: XNU, SIP, and The Ring Model
- [ 2023-10-27 ] Deconstructing macOS Security: Code Signing and Notarization
- [ 2023-10-28 ] Deconstructing macOS Security: The Sandbox and TCC
- [ 2023-10-29 ] Deconstructing macOS Security: Endpoint Detection and Hardening
Kernel Sanitizers (2 parts)
Linux Performance (7 parts)
- [ 2024-01-17 ] Where the Light Is Best: Why Performance Analysis Needs a Method
- [ 2024-01-24 ] Better Flashlights: How Linux Observability Works Under the Tools
- [ 2024-01-31 ] Busy Doing Nothing: CPU Utilization, Run Queues, and IPC
- [ 2024-02-07 ] Free Memory Is Memory Doing Nothing: Page Cache, Reclaim, and the OOM Killer
- [ 2024-02-14 ] The Disk Didn't Do It: File System Latency Is What Your App Feels
- [ 2024-02-21 ] When the Disk Did Do It: Block I/O Latency Without the Averages
- [ 2024-02-28 ] Maybe It Was the Network After All: TCP Latency With Evidence