cybersecurity

3665 readers

18 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Be kind
Limit promotional activities
Non-cybersecurity posts should be redirected to other communities within infosec.pub.

Enjoy!

founded 2 years ago

MODERATORS

shellsharks@infosec.pub

tweedge@infosec.pub

Not Lost in Translation: Rosetta 2 Artifacts in macOS Intrusions. (cloud.google.com)

submitted 5 hours ago by Tea@programming.dev to c/cybersecurity@infosec.pub

0 comments fedilink hide all child comments

Rosetta 2 is Apple's translation technology for running x86-64 binaries on Apple Silicon (ARM64) macOS systems.

Rosetta 2 translation creates a cache of Ahead-Of-Time (AOT) files that can serve as valuable forensic artifacts.

Mandiant has observed sophisticated threat actors leveraging x86-64 compiled macOS malware, likely due to broader compatibility and relaxed execution policies compared to ARM64 binaries.

Analysis of AOT files, combined with FSEvents and Unified Logs (with a custom profile), can assist in investigating macOS intrusions.

no comments (yet)

sorted by: hot top controversial new old

there doesn't seem to be anything here