By Johannes B. Ullrich, Ph.D. Slightly Broken Overlay Phishing
https://isc.sans.edu/forums/diary/Slightly+broken+overlay+phishing/26586/
MacOS Code Injection via Third Party Frameworks
https://www.trustedsec.com/blog/macos-injection-via-third-party-frameworks
Snort/ClamAV Cobalt Strike Detection
https://blog.talosintelligence.com/2020/09/coverage-strikes-back-cobalt-strike-paper.html#more
More Here