https://machinecase.com.br/macOS security researcher focused on malware analysis, reverse engineering, and threat hunting. Author of the SEA Analyzer Binary Ninja plugin. 2026-05-25T12:10:21-03:00 Felipe Romano https://machinecase.com.br/ Jekyll © 2026 Felipe Romano /assets/img/favicons/favicon.ico /assets/img/favicons/favicon-96x96.png 2026-05-24T05:27:00-03:00 2026-05-25T12:09:51-03:00 https://machinecase.com.br/posts/dart-reverse-macos/ Felipe Romano

The problem You receive a suspicious macOS binary that opens in Binary Ninja as thousands of anonymous stripped functions with no relevant imports, no readable strings, and no obvious entry point, and when you run strings all you get is libSystem, some pthread calls, and standard libc with nothing that explains what the binary actually does. Then you notice something: $ strings ./binary | gre...

2026-05-10T10:37:00-03:00 2026-05-10T17:04:04-03:00 https://machinecase.com.br/posts/sea-node-defenseEvasion/ Felipe Romano

What is SEA (Single Executable Applications)? When a threat actor chooses Node.js SEA to deliver a payload, they are not making a development decision. They are making a detection decision. Node.js SEA was built to solve a legitimate problem: packaging an entire application into a single self-contained binary, with no requirement for the target to have a runtime installed. What lands on disk ...