We are back at Objective by the Sea (OBTS) for its 8th edition, taking place from October 12th to 15th, 2025, in the beautiful location of Ibiza, Spain.
Objective by the Sea (OBTS) is an annual security conference focused on macOS and iOS security. The event brings together security researchers, developers, and enthusiasts to discuss the latest trends, vulnerabilities, and advancements in the Apple ecosystem.
It changes every year between being in Spain and Hawaii!
I attended OBTS for the first time in 2023 (OBTS v6) in Marbella, Spain, and had an amazing experience.
The Location
The conference was held in the stunning seaside town of Ibiza, Spain, providing a perfect blend of professional development and relaxation. The venue offered an ideal environment for networking with fellow security researchers while enjoying the Mediterranean atmosphere.
Definitely would go back to Ibiza again but only in off-season times for a more relaxed experience.
Event Highlights
OBTS v8 featured an incredible lineup of security researchers presenting cutting-edge research on macOS and iOS security. The conference spanned three days with talks covering everything from kernel internals to practical malware detection techniques.
Something worth pointing out here, which I didn’t know of until the event, is that OBTS has local events called Objective for the We (OFTW), which are smaller-scale events held in various locations throughout the year. These events provide opportunities for the community to come together and share knowledge on a more regular basis.
Highly recommend joining the Discord server to stay updated on upcoming OFTW events!
Talks Summary
This year’s conference featured over 30 technical presentations covering a wide range of topics in Apple ecosystem security.
My favorite talks were primarily focused on the Kernel Exploitation and Vulnerability Research topics. Some of these talks were truly mind-blowing in terms of the depth of research and the technical skill of the presenters in uncovering and exploiting vulnerabilities in macOS.
All of the talks were fantastic and I learned a lot from attending OBTS v8. Here are some of the standout presentations (in no particular order):
- Make XNU GREAT Little Again by Jonathan Levin
- Trust me, I’m an Apple Watch — On Protocol Reversing, Mimicry, and Data Exfiltration by Nils Rollshausen
- Sploitlight: Exploiting Spotlight to Bypass TCC on macOS and Leak Private Data from Apple Intelligence by Christine Fossaceca & Jonathan Bar Or
- Dylib Hijacking on macOS: Dead or Alive? by Patrick Wardle
- Something from Nothing - Exploiting Memory Zeroing in XNU by Ian Beer
- Reverse Engineering Apple Security Updates by John McIntosh
I picked 6 talk recordings that I found particularly interesting but all of the talks are worth watching.
As someone that isn’t deeply familiar with macOS internals, these talks provided valuable insights into the complexities of the operating system and the challenges faced by security researchers in this space.
YouTube Streams
The whole conference was live-streamed on YouTube. Here are the links to each day’s recordings:
Unofficial 10km
I also unofficially took part in the unofficial 10km run that took place on day 2 of the conference. While not an official event, a group of attendees decided to go for a run along the scenic coastal route near the venue.
I “unofficially” completed the 10km as I woke up later than I planned and missed the official start time but I did run the full distance regardless!
My Photo Competition Entry
With the help of the Ibiza 7am sunrise and a little skill from my dad, I was able to capture this photo for the OBTS photo competition:

Sadly tho I didn’t win anything this time around but it was fun to participate! I will say tho I got a LOT of likes for the photo on the OBTS Discord server which was nice to see.
Conclusion
OBTS v8 was an incredible experience that provided valuable insights into macOS and iOS security. The combination of high-quality technical talks, networking opportunities, and the beautiful location made it a memorable event.
I would highly recommend OBTS to anyone interested in Apple ecosystem security, whether you’re a seasoned researcher or just starting out in the field.
Comprehensive Talk List
Below is the comprehensive list of talks presented at OBTS v8:
Keynote & Platform Security
- Make XNU GREAT Little Again (40 min) - Jonathan Levin - Exploring how Apple is refactoring the Darwin Kernel to isolate security-sensitive components and bring XNU closer to its microkernel roots, covering KTRR, APRR, PPL, SPRR, GXF, SPTM, TXM, exclaves, and TPRO.
Nation-State Threats & Advanced Malware
- Hook, Line and Koi Stealer: New macOS Malware in DPRK Fake Job Interviews (25 min) - Daniel Frank & Adva Gabay - Investigation into DPRK-linked threat actors using fake job interviews and the newly discovered Koi Stealer macOS variant.
- BlueNoroff’s Clues: Investigating a DPRK Intrusion (25 min) - Stuart Ashenbrenner & Alden Schmidt - Deep dive into the complete BlueNoroff attack chain from process injection to Objective-C keyloggers.
- OopsSec: The Short Lived Campaign of Cthulhu Stealer (25 min) - Tara Gould - How OSINT and reverse engineering exposed the downfall of the Cthulhu Stealer macOS malware campaign.
Vulnerability Research & Exploitation
- Crash One - A StarBucks Story (CVE-2025-24277) (25 min) - Gergely Kalman & Csaba Fitzl - Complete exploit development journey for a local privilege escalation vulnerability in osanalyticshelper.
- Breaking the Sound Barrier: Exploiting CoreAudio via Mach Message Fuzzing (40 min) - Dillon Franke - Using structured fuzzing to discover vulnerabilities in macOS IPC handlers, leading to a CoreAudio sandbox escape.
- Sploitlight: Exploiting Spotlight to Bypass TCC on macOS and Leak Private Data from Apple Intelligence (40 min) - Christine Fossaceca & Jonathan Bar Or - Novel TCC bypass (CVE-2025-31199) using Spotlight plugins.
- Queen B: Apple Compressor 0-click RCE (25 min) - Zhi Zhou - Discovery of a 0-click remote code execution vulnerability in Apple Compressor affecting content creators.
- Something from Nothing - Exploiting Memory Zeroing in XNU (25 min) - Ian Beer - Exploiting a curious issue in XNU’s virtual memory subsystem to achieve root on macOS.
- macOS Privilege Escalation Via Traceroute6 (25 min) - Paweł Płatek - Chaining four vulnerabilities in mDNSResponder, traceroute6, and libinfo for local privilege escalation.
Privacy & TCC Bypasses
- Who Cares Where Waldo is. Locating macOS Users Without Their Consent (25 min) - Wojciech Regula - Demonstrating location data leaks through architectural weaknesses in the macOS location database.
- Revoked, Not Dead: When CDHash Revocation Fails to Kill (25 min) - Ferdous Saljooki - Gatekeeper bypass that circumvents Apple’s CDHash-based runtime enforcement.
Apple Intelligence & Cloud Security
- It’s All Fun and Games: Analyzing the Authentication Protocol in Apple’s Private Cloud Compute (25 min) - Callista Gratz - Analysis of the custom authentication protocol in Private Cloud Compute using blind signatures.
Hardware & Baseband Research
- What’s at the Bottom of the Sea, One Baseband? - Diving into the C1 (25 min) - Lukas Arnold - Exploring Apple’s first in-house baseband, the C1, and its security architecture.
- Trust me, I’m an Apple Watch — On Protocol Reversing, Mimicry, and Data Exfiltration (40 min) - Nils Rollshausen - Extensive reverse-engineering of Apple Watch protocols and low-level Bluetooth hacking.
Detection & Threat Hunting
- Gotta Catch ’em All (25 min) - Jaron Bradley - Curated set of practical macOS detections that successfully caught malware and APT activity in the wild.
- Beyond Static Labels: A Behavioral Framework for macOS Grayware Classification (25 min) - Rousana Charles - Behavior-first labeling approach for macOS grayware and PUPs, featuring a case study of the Adload family.
- macOS Internals for Threat Detection Engineers: Logs, ESF, and Automation Utility Risks (25 min) - Olivia Gallucci - Deep dive into macOS telemetry mechanisms for threat detection.
- From Bits to Behavior: Detecting macOS Command and Control Through Statistical Analysis (25 min) - Anje Knottnerus - Statistical techniques for identifying C2 communication patterns in macOS logs.
- Catch me if you Scan: MITRE-enhanced ML Magic to Solve Mac Malware’s Identity Crisis at Scale (25 min) - Kseniia Yamburh & Nazar Grycshuk - ML-based tool for classifying generic macOS malware using MITRE ATT&CK methodology.
macOS Security Features & Internals
- XUnprotect: Reverse Engineering macOS XProtect Remediator (25 min) - Koh Nakagawa - Detailed reverse engineering of XProtect Remediator including custom DSL and OCR-based detection.
- What’s New in Lockdown Mode? (25 min) - Marie Fischer - Analysis of Lockdown Mode implementation on macOS 26 and its protection mechanisms.
- Reverse Engineering Apple Security Updates (25 min) - John McIntosh - Automated system combining deterministic tools and LLM agents to analyze Apple’s security patches.
- BYOB: Bring your own Blackbox - Containerized Defense Evasion on macOS (25 min) - Colson Wilhoit - How adversaries leverage containerization to evade ESF telemetry and EDR on macOS.
- Dylib Hijacking on macOS: Dead or Alive? (25 min) - Patrick Wardle - Revisiting dynamic library hijacking techniques and their current viability on macOS 26.
Tools & Development
- Introducing the Next Generation of Mac Monitor (25 min) - Brandon Dalton - Updates to the open-source Mac Monitor tool for analyzing Endpoint Security events.
- Exploring FSKit: Writing Filesystems for Fun, profit, and Defense, Detections and Evasion? (25 min) - Sharvil Shah - Deep dive into FSKit and security applications of userspace filesystems.
- Using Type Metadata from Swift Binaries (25 min) - Gregor Carmesin - Recovering type information from compiled Swift code for better binary analysis.
iOS Security & Forensics
- Unpacking the iOS Sandbox (25 min) - Yarden Hamami - Understanding iOS sandbox structure and revamping decompilation tools for modern iOS versions.
- The Power of Powerlogs (25 min) - Sarah Edwards - Forensic analysis of the massive Powerlogs database across Apple devices.
- Placeboed Apples: A New Way to Hunt Spyware on iOS (25 min) - Matthias Frielingsdorf - Novel approach using malware simulation to identify forensic indicators of iOS spyware.