macOS Security Researcher

Derek Skipwith

Low-Level Systems Developer · Open Source Maintainer · Security Research

Summary

Security-focused systems developer with a public GitHub portfolio of 267 repositories and 2.9k followers, centered on macOS internals, UEFI/EFI research, AppleScript threat analysis, and legacy XNU security education. Builds reproducible research scaffolds, VM-oriented test workflows, and clear safety documentation for authorized labs.

Selected Projects

AppleScript Malware Collection

macOS malware analysis corpus

2025 · AppleScript
  • Curated a public archive of AppleScript-based macOS malware samples for reverse engineering, threat modeling, and blue-team training.
  • Organized sample families around persistence, downloader behavior, browser automation abuse, native-dialog phishing, hybrid payloads, and obfuscation patterns.
  • Documented safe analysis expectations for isolated macOS virtual machines and emphasized lawful educational use throughout the repository.

Mac_EFI_Bootkit

Educational UEFI/macOS firmware research toolkit

2025 · Python, Assembly
  • Built an educational EFI research toolkit covering PE/COFF wrapping, FAT32 ESP inspection, payload assembly, and QEMU/OVMF-based VM validation.
  • Added extraction, device-inspection, build automation, unit-test, and safety-guide components to make firmware research workflows reproducible in authorized labs.

macOS Internals Research Scaffolds

macOS-rootkit, GhostRoot, SpectreRoot

2025 · C, C++, ObjC, Python
  • Developed modular legacy-macOS research scaffolds for studying XNU process metadata, Mach task interfaces, launch services visibility, KEXT loading models, and userland instrumentation.
  • Structured projects into focused modules with architecture notes, build outputs, symbol tooling, and language-mixed components across C, C++, Objective-C/Objective-C++, Python, Shell, and Assembly.

Open Source Profile

  • Maintains a large public GitHub presence with 267 repositories, 2.9k followers, and pinned projects spanning macOS security, firmware experimentation, malware analysis, and systems tooling.
  • Writes README-driven projects with explicit warnings, target-environment notes, dependency lists, and educational disclaimers for sensitive security research.
  • Demonstrates broad platform fluency across macOS, UEFI, XNU/Mach, AppleScript automation, FAT32/ESP structures, QEMU/OVMF, and legacy kernel-extension workflows.

Skills

Languages
C, C++, Objective-C, Objective-C++, Python, Assembly, Shell, AppleScript, Make
Systems
macOS internals, XNU/Mach APIs, UEFI/EFI, PE/COFF, FAT32 ESPs, legacy KEXT workflows
Security
macOS malware analysis, reverse-engineering workflows, threat modeling, sandboxed analysis
Tools
Git, QEMU, OVMF, NASM, Xcode CLI tools, pytest/unittest, lldb/gdb, codesign, spctl

Education

[School / Program] · [Degree or Certification] · [Graduation Year]