Claude Code Plugins: A New Attack Surface

AI coding assistants have rapidly evolved from simple autocomplete engines into fully autonomous agents capable of executing code, managing files, and spawning subprocesses on behalf of the developer. Claude Code, Anthropic’s terminal-based coding agent, ships with a plugin ecosystem that significantly extends this capability surface. That same extensibility introduces a set of security concerns worth examining in detail.

This post covers the Claude Code plugin architecture from a security perspective: marketplaces, skill injection, hooks as a shell execution primitive, process tree inheritance, and the TCC permission model on macOS.

Read more →

Hiding Compiled AppleScripts

Following a recent blog post covering the increasingly common use of compiled AppleScripts in malware, I wanted to explore methods to further hide malicious scripts and reduce the chance of detection.
Read more →

macOS DMG Malware

As macOS endpoint controls continue to evolve, adversaries are consistently adapting their TTPs to defeat Apple’s ever-changing security frameworks. Although .dmg files remain a popular initial access vector, the traditional “right-click and open” method has become largely ineffective—especially with the security enhancements introduced in macOS Sequoia.

This analysis delves into some contemporary disk-image malware campaigns, their execution primitives and obfuscation techniques.

Read more →

Santa File Access Authorization

In the evolving landscape of macOS security, NorthPoleSec’s Santa has earned a solid reputation as a flexible and lightweight endpoint security tool. Originally developed by Google, Santa acts as a binary whitelisting/blacklisting system, but in recent iterations, it also provides incredibly powerful features including file-access authorization. This lesser-known feature is a game-changer for protecting sensitive data on disk, such as session tokens, SSH keys, and browser cookies.

In this post, we’ll take a look at how Santa’s file access authorization mechanism works and how you can configure it to prevent common threat actor behaviors on macOS endpoints.

Read more →