macOS Hardening: a new series
Hardening is not about walls, silver bullets, or checklists. It’s about understanding what you are protecting, from whom, and at what cost. Threat modelling,...
Posts by Category
macos-security
Apple Notarization
Notarization is not a seal of approval. It’s a statement of non-objection: Apple scanned an artifact at submission time and found nothing that triggered its ...
Binary Logic, Shifts, and the Zero Register
A hands-on exploration of boolean logic and shift operations on AArch64, driven by debugging rather than theory. This lesson focuses on how small, legal deta...
Understanding Instruction Flow on AArch64 with LLDB
In this post we explore how AArch64 programs actually execute, stepping through instructions with LLDB instead of relying on abstract explanations or “hello ...
Reading LC_CODE_SIGNATURE with 0tH
A deep, hands-on walkthrough of LC_CODE_SIGNATURE across three Mach-O binaries — from an ad-hoc do-nothing app to Safari’s full Apple-grade signature. We in...
More on registers: the ABI
In this lesson we examine what really happens when data moves through registers and execution jumps across routines. We introduce the ABI and AAPCS64, explai...
Introduction to registers
Before we can reverse anything, we need a precise mental model of how ARM64 actually works. In this first lesson we cover the essential foundations: data siz...
Preparing to Reverse
Assembly is the only place where software stops lying. High-level languages hide the truth; instructions expose it. Understanding AArch64 gives you the abili...
Reversing 101 - introduction
A quarter century in pentesting taught me one thing: real reversing knowledge is intentionally rare. Not because it’s hard — but because people want to keep ...
Zero the Hero - A Modern Blade for Carving Through Mach-O
Zero the Hero (0tH) is a modern, Rust-no-panic Mach-O analysis tool focused on precise Load Command parsing, code-signing internals, entitlements, and strict...
Code Signing: SuperBlobs, CodeDirectory, and LC_CODE_SIGNATURE
Code Signing is the foundation of macOS security. Learn how SuperBlobs, CodeDirectory, and LC_CODE_SIGNATURE actually work under the hood.
Apple Gatekeeper
Gatekeeper is macOS’s pre-execution policy engine — not an antivirus, but a trust enforcement layer that decides whether code may run based on its signature,...
Apple Defences
A concise dissection of Apple’s built-in security controls. Not marketing — real mechanisms, real boundaries, and how attackers see them.
security-reversing
Binary Logic, Shifts, and the Zero Register
A hands-on exploration of boolean logic and shift operations on AArch64, driven by debugging rather than theory. This lesson focuses on how small, legal deta...
Understanding Instruction Flow on AArch64 with LLDB
In this post we explore how AArch64 programs actually execute, stepping through instructions with LLDB instead of relying on abstract explanations or “hello ...
Reading LC_CODE_SIGNATURE with 0tH
A deep, hands-on walkthrough of LC_CODE_SIGNATURE across three Mach-O binaries — from an ad-hoc do-nothing app to Safari’s full Apple-grade signature. We in...
More on registers: the ABI
In this lesson we examine what really happens when data moves through registers and execution jumps across routines. We introduce the ABI and AAPCS64, explai...
Introduction to registers
Before we can reverse anything, we need a precise mental model of how ARM64 actually works. In this first lesson we cover the essential foundations: data siz...
Preparing to Reverse
Assembly is the only place where software stops lying. High-level languages hide the truth; instructions expose it. Understanding AArch64 gives you the abili...
Reversing 101 - introduction
A quarter century in pentesting taught me one thing: real reversing knowledge is intentionally rare. Not because it’s hard — but because people want to keep ...
Zero the Hero - A Modern Blade for Carving Through Mach-O
Zero the Hero (0tH) is a modern, Rust-no-panic Mach-O analysis tool focused on precise Load Command parsing, code-signing internals, entitlements, and strict...
Code Signing: SuperBlobs, CodeDirectory, and LC_CODE_SIGNATURE
Code Signing is the foundation of macOS security. Learn how SuperBlobs, CodeDirectory, and LC_CODE_SIGNATURE actually work under the hood.
Mac Malware Reversing Lab
Step-by-step guide to setting up a macOS virtual machine for malware reversing — from choosing the right hypervisor to securing your environment against self...
After OBTS 8.0
First-hand notes from Objective By The Sea: why I attended Patrick Wardle’s Mac malware course, what I learned, and the ideas worth following up.
war-journals
Year Zero
0tH is closed source by design. This post explains why craftsmanship, responsibility, and signal matter more than ideology.I’ll keep building tools that solv...
Byte Architect War Journal - December
The Byte Architect - December - News
Byte Architect War Journal - November
The Byte Architect - November - News
0tH
0tH2026.2.0 Released
Zero the Hero (0tH) 2.0 is out. A Mach-O triage tool for macOS security work, focused on structural inspection and code-signing analysis, with both CLI and R...
Reading LC_CODE_SIGNATURE with 0tH
A deep, hands-on walkthrough of LC_CODE_SIGNATURE across three Mach-O binaries — from an ad-hoc do-nothing app to Safari’s full Apple-grade signature. We in...
theory
Merkle Trees
A hands-on, mathematically honest walkthrough of Merkle trees.From tagged hashing to proofs, root verification, ordering guarantees, and padding strategies u...
service-notices
Service Notice — Noise, Filters, and a Short Downtime
Noise filtering in progress. Brief downtime scheduled. Nothing changes for real readers.