Byte Architect War Journal - December
The last war journal started with me mumbling about the fact I didn’t post enough.
FFS — this month I kind of over-posted. And I even held myself back from posting everything I’m writing…
0tH
The first version of 0tH has been released. Am I happy about it? Yes and no.
I am frolic because of the numbers I’ve seen:
- 31 downloads in the first week. For a brand-new tool, written by an independent researcher who hates all the web crap (SEO and all that debris created just to give IT jobs to people who should be doing something else), with zero sponsoring — that’s a result.
- 12k+ views on Reddit
- 250 views on the LinkedIn release post
- being indexed on ChatGPT (WTF is that about, anyway?)
Conversely, I also noticed a few trivial bugs I should have avoided from the beginning.
No worries — I already exterminated them.
After all, besides being The Byte Architect, I’m also The Byte Insecticide.
You see — I am a penetration tester. And in general, pentesters write their own tools. If you’re interviewing a “pentester” who goes like:
“I use Burp for this, nmap for that, and sqlmap for blah blah…”
while waving their CEH certificate like a holy relic, just chuck their CV straight into the dustbin. Deliberately. With spite.
Let them watch.
Regardless: real pentesters build their tools, and I am no exception.
I wanted something that did exactly what I had in mind, and I wasn’t going to contort myself around otool’s idiosyncrasies.
It’s a living thing — but damn, it feels good to see people trying it.
I foresee the release of version 2026.2.0 in the next few weeks — probably my Xmas gift to the macOS security world.
All the bugs will be gone, and a few new features will land as well:
strings, hexdump, coloured output, and some other funny little things I’ve been playing with.
Less noise, more signal.
Apple Security 101 series
It’s been a while since I wrote anything for this series — and there’s a reason.
The development of 0tH and this series go hand in hand. I’ve been working heavily on the LC_CODE_SIGNATURE load command, which is deeply tied to notarisation and Gatekeeper. I just need a bit of time to write the next episode.
It’ll be on these pages shortly. The LC_CODE_SIGNATURE module in 0tH is now mature enough that I can start using it directly in the demos — which is precisely how I wanted this series to evolve in the first place.
Reversing 101
This new series exists for several reasons:
- there is a lot of documentation on Intel assembly — way too much;
- there is also plenty of documentation on AArch64, but it lacks the structure I need;
- and especially because I want to see (and show) what actually happens at machine-code level when the toolchain gets involved.
In this series you will see several comparisons with Linux.
It’s not the (n+1)-th OS crusade (I hate crusaders and evangelists — the real power user only needs a terminal. If you don’t believe it, and you understand Italian, have a look here:
Pirate’s Night Show #9 — Hack This con Gabriele Biondo
For non-Italian speakers: it was back when people were fighting over the “best” pentesting distro and all that blah-blah.
I went: “Fuck off, I just need a shell and a TCP stack!”)
Regardless — Linux shows up here not for dogma, but because of my past (I learned to write exploits there, after all).
Linux also has some mature tools that we desperately need under macOS.
Perhaps I’ll end up writing some replacements. Wouldn’t be the first time.
Coming from other environments, this series matters to me not just as a knowledge-sharing effort, but also as a way to formalise concepts in my own mind.
Follow it — it’s fun. Fun — and educational in all the wrong ways.
Other random (and therefore, useless by now) thoughts
- I wish I had understood earlier that discipline has nothing to do with privation. It’s all about loving oneself. Yes — Byte Architects can also be philosophical. Especially because I am the only one, so I say what I want.
- On that note: three years of discipline spent building your own dreams are far more rewarding than forty years spent building someone else’s.
- In the end, you either act or you rot. The world doesn’t care. The universe doesn’t care. The only thing that matters is whether you moved the blade forward today. Even a millimetre counts.
Gabriel(e) Biondo
ByteArchitect · RevEng3 · Rusted Pieces · Sabbath Stones