Binary Logic, Shifts, and the Zero Register
A hands-on exploration of boolean logic and shift operations on AArch64, driven by debugging rather than theory. This lesson focuses on how small, legal deta...
In this post we explore how AArch64 programs actually execute, stepping through instructions with LLDB instead of relying on abstract explanations or “hello ...
In this lesson we examine what really happens when data moves through registers and execution jumps across routines. We introduce the ABI and AAPCS64, explai...
Before we can reverse anything, we need a precise mental model of how ARM64 actually works. In this first lesson we cover the essential foundations: data siz...
Assembly is the only place where software stops lying. High-level languages hide the truth; instructions expose it. Understanding AArch64 gives you the abili...
A quarter century in pentesting taught me one thing: real reversing knowledge is intentionally rare. Not because it’s hard — but because people want to keep ...
Zero the Hero (0tH) is a modern, Rust-no-panic Mach-O analysis tool focused on precise Load Command parsing, code-signing internals, entitlements, and strict...
First-hand notes from Objective By The Sea: why I attended Patrick Wardle’s Mac malware course, what I learned, and the ideas worth following up.
A deep, hands-on walkthrough of LC_CODE_SIGNATURE across three Mach-O binaries — from an ad-hoc do-nothing app to Safari’s full Apple-grade signature. We in...
Code Signing is the foundation of macOS security. Learn how SuperBlobs, CodeDirectory, and LC_CODE_SIGNATURE actually work under the hood.
Gatekeeper is macOS’s pre-execution policy engine — not an antivirus, but a trust enforcement layer that decides whether code may run based on its signature,...
A concise dissection of Apple’s built-in security controls. Not marketing — real mechanisms, real boundaries, and how attackers see them.
Zero the Hero (0tH) 2.0 is out. A Mach-O triage tool for macOS security work, focused on structural inspection and code-signing analysis, with both CLI and R...
The Byte Architect - December - News
The Byte Architect - November - News
Step-by-step guide to setting up a macOS virtual machine for malware reversing — from choosing the right hypervisor to securing your environment against self...
A hands-on, mathematically honest walkthrough of Merkle trees. From tagged hashing to proofs, root verification, ordering guarantees, and padding strategies u...