My name is Stuart. I'm a macOS security researcher at Huntress, and I created Crash Security (although I don't really maintain it anymore). I'm a reader 📖, basketball coach 🏀, and play the violin 🎻. Former radio DJ and play-by-play broadcaster.

Find me around the web 🌎:

• Personal
  • LinkedIn 💼
  • Twitter 🗣
  • Substack 👶
• macOS
  • Open Source Projects 🤓
    • Aftermath 💥
  • Notes
    • Publicly Available macOS Notes
  • Speaking 🗣
    • Ready or Not: The (Mis)Education of macOS Security Internals at MacDevOpsYVR 2024
    • Debunking 5 Major macOS Myths
    • Stop Mac Hacks in Their Tracks at Huntress
    • Famous AMOS: Protecting Your Cookies at Huntress's Tradecraft Tuesday 2024
    • Investigating macOS Malware with Open Source Tools at Huntress's Tradecraft Tuesday 2023
    • What Happened?: Swiftly Investigating macOS Security Incidents with Aftermath at JNUC 2023
    • (dm)XProtect: Stop, Drop, Shut Malware Down Before It Opens Up Shop at MacDevOpsYVR 2023
    • In the Aftermath at Objective by the Sea 2022
    • A Closer Look at Built-In macOS Security Tools at JNUC 2022
    • 2021 Mac Attack Trends in Review at JNUC 2021
  • Podcasts 🎙️
    • SMB Community Podcast on 05/17/2024 - Endpoint Detection and Response for the MacOS with Huntres
    • MacDevOpsYVR on 05/14/2024 - Aftermath with Stuart Ashenbrenner
    • MacAdmins Podcast on 01/15/2024 - Matt & Stuart on Aftermath
    • MacDevOpsYVR on 06/07/2023 - Hey let's get ready for MacDevOps!
  • Technical Writing 📝

    • Huntress

      • Debunking 5 Major macOS Myths
      • LightSpy Malware Variant Targeting macOS
      • Full Transparency: Controlling Apple's TCC Part II
      • Full Transparency: Controlling Apple's TCC
      • macOS Terms and Trends You Should Know About
      • Ask the Mac Guy: Do I Need AV on Mac
      • Ask the Mac Guy: What's the Deal with Full Disk Access
      • Ask the Mac Guy: Best Practices for Securing Macs
      • Ask the Mac Guy: macOS Security Myths
      • (dm)XProtect: Stop, Drop, Shut Malware Down Before It Opens Up Shop
      • The Battle for macOS Management: MDM vs. RMM
      • Endpoint Security in a macOS World
      • macOS (Not)ifications
      • Built-in macOS Security Tools
      • Insistence on Persistence

    • Jamf

      • Get to know Aftermath: Jamf’s open-source incident response tool
      • Jamf Threat Labs identifies macOS Archive Utility vulnerability
      • Apple Updates XProtect to v2145 and MRT to v178
      • Apple updates XProtect to v2146
      • Zero-Day TCC bypass discovered in XCSSET malware
      • Apple updates both XProtect and MRT
      • XLoader offers new macOS malware-as-a-service
      • Jamf Threat Labs identifies Safari vulnerability allowing for Gatekeeper bypass
      • Jamf protects against Gimmick malware from pulling the strings on macOS
      • Hunting Spring4Shell, another Java-based exploit
      • Jamf protects against oRAT malware
      • UpdateAgent Adapts Again
      • Apple updates to XProtect and MRT
      • Shlayer malware abusing Gatekeeper bypass on macOS
      • Apple updates both XProtect and MRT
      • Apple has pushed a new update to XProtect
      • iOS developers targeted by new XcodeSpy malware
      • Apple updates to XProtect and MRT

      (slide decks are also available in the Presentations repo)