awesome-awesomeness/terminal/osxsecurity8
2024-04-20 19:22:54 +02:00
osx-security-awesome
Awesome list (https://github.com/sindresorhus/awesome) | Travis CI build (https://travis-ci.org/kai5263499/osx-security-awesome)
―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
A collection of OSX/iOS security related resources
⟡ News (#news)
⟡ Hardening (#hardening)
⟡ Malware sample sources (#malware-sample-sources)
⟡ DFIR (#digital-forensics--incident-response-dfir)
⟡ Reverse engineering (#reverse-engineering)
⟡ Presentations and Papers (#presentations-and-papers)
⟡ Virus and exploit writeups (#virus-and-exploit-writeups)
⟡ Useful tools and guides (#useful-tools-and-guides)
⟡ Remote Access Toolkits (#remote-access-toolkits)
⟡ Worth following on Twitter (#worth-following-on-twitter)
―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
News
―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――
Linking a microphone (https://ubrigens.com/posts/linking_a_microphone.html)
⟡ The story of CVE-2018-4184, or how a vulnerability in OSX's Speech system allowed apps with access to the microphone to escape sandbox restrictions
iOS vulnerability write-up (https://github.com/writeups/iOS)
⟡ A repository of iOS vulnerability write-ups as they are released
⟡ Also includes conference papers
iOS display bugs (https://docs.google.com/document/d/1TDCVavaqDJCFjcQxZsL6InzHxPEYWwMMMh9QtfRGjbY/edit)
⟡ Regularly updated list of iOS display bugs
Mac Virus (https://macviruscom.wordpress.com)
⟡ Frequently updated blog that provides a good summary of the latest unique mac malware.
Intego Mac Security Blog (https://www.intego.com/mac-security-blog/)
⟡ Intego's corporate Mac security blog often contains recent and in-depth analysis of mac malware and other security issues
Objective-See (https://objective-see.com/blog.html)
⟡ Objective-See's blog often contains in-depth breakdowns of malware they've reverse engineered and vulnerabilities they've discovered.
The Safe Mac (https://www.thesafemac.com/)
⟡ Resource to help educate Mac users about security issues. Contains historical as well as timely security updates.
Mac Security (https://macsecurity.net/news)
⟡ Another Mac security blog. This often includes more in-depth analysis of specific threats.
OSX Daily (https://osxdaily.com/)
⟡ Not strictly security-specific but it contains jailbreaking information which has security implications
Hardening
macops (https://github.com/google/macops)
⟡ Utilities, tools, and scripts for managing and tracking a fleet of Macintoshes in a corporate environment collected by Google
SUpraudit (http://newosxbook.com/tools/supraudit.html)
⟡ System monitoring tool
EFIgy (https://github.com/duo-labs/EFIgy)
⟡ A RESTful API and client that helps Apple Mac users determine if they are running the expected EFI firmware version given their Mac hardware and OS build version
Launchd (https://www.launchd.info/)
⟡ Everything you need to know about the launchd service
OSX startup sequence (http://osxbook.com/book/bonus/ancient/whatismacosx/arch_startup.html)
⟡ Step-by-step guide to the startup process
Google OSX hardening (https://www.usenix.org/conference/lisa13/os-x-hardening-securing-large-global-mac-fleet)
⟡ Google's system hardening guide
Run any command in a sandbox (https://www.davd.io/os-x-run-any-command-in-a-sandbox/)
⟡ How-to for using OSX's sandbox system
Sandblaster (https://github.com/malus-security/sandblaster)
⟡ Reversing the Apple sandbox
⟡ Paper (https://arxiv.org/pdf/1608.04303.pdf)
OSX El Capitan Hardening Guide (https://github.com/ernw/hardening/blob/master/operating_system/osx/10.11/ERNW_Hardening_OS_X_EL_Captain.md)
⟡ Hardening guide for El Capitan
Hardening hardware and choosing a good BIOS (https://media.ccc.de/v/30C3_-_5529_-_en_-_saal_2_-_201312271830_-_hardening_hardware_and_choosing_a_goodbios_-_peter_stuge)
⟡ Protecting your hardware from "evil maid" attacks
Malware sample sources
Objective-See (https://objective-see.com/malware.html)
⟡ Curated list of malware samples. Use this list if you're looking for interesting samples to reverse engineer
Alien Vault (https://www.alienvault.com/blogs/labs-research/os-x-malware-samples-analyzed)
Contagio malware dump (http://contagiodump.blogspot.com/2013/11/osx-malware-and-exploit-collection-100.html)
Digital Forensics / Incident Response (DFIR)
APOLLO tool
⟡ Python tool for advanced forensics analysis
⟡ Presentation slides (https://github.com/mac4n6/Presentations/blob/master/LaunchingAPOLLO/LaunchingAPOLLO.pdf)
⟡ Source code (https://github.com/mac4n6/APOLLO)
venator (https://posts.specterops.io/introducing-venator-a-macos-tool-for-proactive-detection-34055a017e56)
⟡ Python tool for proactive detection of malware and trojans
⟡ Source (https://github.com/richiercyrus/Venator)
lynis (https://github.com/CISOfy/lynis/)
⟡ Security auditing tool for UNIX-based systems, including macOS
AutoMacTC (https://github.com/CrowdStrike/automactc)
⟡ Modular forensic triage collection framework (https://www.crowdstrike.com/blog/automating-mac-forensic-triage/) from CrowdStrike
Legacy Exec History (https://github.com/knightsc/system_policy)
⟡ OSQuery module that reports the 32-bit processes running on a 10.14 machine
Using the macOS/iOS knowledgeC.db Database to Determine Precise User and Application Usage (https://www.mac4n6.com/blog/2018/8/5/knowledge-is-power-using-the-knowledgecdb-database-on-macos-and-ios-to-determine-precise-user-and-application-usage)
Artefacts for Mac OSX (http://sud0man.blogspot.com/2015/05/artefacts-for-mac-os-x.html?m=1)
⟡ Locations of sensitive files
Pac4Mac (https://github.com/sud0man/pac4mac)
⟡ Forensics framework
Inception (https://github.com/carmaa/inception)
⟡ Physical memory manipulation
Volafox (https://github.com/n0fate/volafox)
⟡ Memory analysis toolkit
Mac4n6 (https://github.com/pstirparo/mac4n6)
⟡ Collection of OSX and iOS artifacts
Keychain analysis with Mac OSX Forensics (https://repo.zenk-security.com/Forensic/Keychain%20Analysis%20with%20Mac%20OS%20X%20Memory%20Forensics.pdf)
OSX Collector (https://github.com/Yelp/osxcollector)
⟡ Forensics utility developed by Yelp
OSX incident response (https://www.youtube.com/watch?v=gNJ10Kt4I9E)
⟡ Slides for "OSX incident response at GitHub" (https://speakerdeck.com/sroberts/hipster-dfir-on-osx-bsidescincy)
iOS Instrumentation without jailbreaking (https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2016/october/ios-instrumentation-without-jailbreak/)
⟡ How to debug an iOS application that you didn't create
Certo (https://www.certosoftware.com/)
⟡ Paid service for analyzing the iTunes backup of your iOS device
Blackbag Tech free tools (https://www.blackbagtech.com/resources/free-tools/)
OSX (Mac) Memory Acquisition and Analysis Using OSXpmem and Volatility (https://ponderthebits.com/2017/02/osx-mac-memory-acquisition-and-analysis-using-osxpmem-and-volatility/)
mac-apt (https://github.com/ydkhatri/mac_apt)
⟡ Mac Artifact Parsing Tool for processing full disk images and extracting useful information
⟡ The author also has a collection of DFIR scripts (https://github.com/ydkhatri/MacForensics)
Reverse engineering
New OS X Book (http://www.newosxbook.com/)
⟡ Frequently updated book on OSX internals
Collection of OSX reverse engineering resources (https://github.com/michalmalik/osx-re-101)
⟡ Another Awesome-style list dedicated to OSX reverse engineering resources
The iPhone Wiki (https://www.theiphonewiki.com/wiki/Main_Page)
Reverse engineering OSX (https://reverse.put.as/)
OSX crackmes (https://reverse.put.as/crackmes/)
⟡ A collection of puzzles to test your reverse engineering skills
Introduction to Reverse Engineering Cocoa Applications (https://www.fireeye.com/blog/threat-research/2017/03/introduction_to_reve.html)
⟡ Walkthrough for Cocoa applications
iOS Kernel source (https://github.com/apple/darwin-xnu)
⟡ Source code for iOS kernel
Reverse Engineering Challenges (https://challenges.re/)
⟡ Very good list of various crackme challenges that is categorized by level and OS
Awesome Reversing (https://github.com/tylerha97/awesome-reversing)
⟡ Awesome list dedicated to reversing
Presentations and Papers
Area41 2018: Daniel Roethlisberger: Monitoring MacOS For Malware And Intrusions (https://www.youtube.com/watch?v=OSSkBgn_xJs&feature=youtu.be)
Windshift APT (https://www.youtube.com/watch?v=Mza6qv4mY9I&feature=youtu.be&t=6h12m24s)
⟡ Deep-dive write-up by Objective See (https://objective-see.com/blog/blog_0x38.html)
Automated Binary Analysis on iOS A Case Study on Cryptographic Misuse in iOS Applications (https://pure.tugraz.at/ws/portalfiles/portal/17749575)
⟡ Examining iOS applications for poorly guarded secrets
Writing Bad @$$ Malware for OSX (https://www.youtube.com/watch?v=fv4l9yAL2sU)
⟡ Slides (https://www.slideshare.net/Synack/writing-bad-malware-for-os-x) and another related video (https://www.youtube.com/watch?v=oT8BKt_0cJw).
Methods of Malware Persistence on OSX (https://www.youtube.com/watch?v=rhhvZnA4VNY)
Advanced Mac OSX Rootkits (https://www.blackhat.com/presentations/bh-usa-09/DAIZOVI/BHUSA09-Daizovi-AdvOSXRootkits-SLIDES.pdf)
The Python Bites Your Apple (https://speakerdeck.com/flankerhqd/the-python-bites-your-apple-fuzzing-and-exploiting-osx-kernel-bugs)
⟡ Fuzzing and exploiting OSX kernel bugs
Breaking iOS Code Signing (https://papers.put.as/papers/ios/2011/syscan11_breaking_ios_code_signing.pdf)
The Apple Sandbox - 5 years later (http://newosxbook.com/files/HITSB.pdf)
Practical iOS App Hacking (https://papers.put.as/papers/ios/2012/Mathieu-RENARD-GreHACK-Practical-iOS-App-Hacking.pdf)
Behavioral Detection and Prevention of Malware on OS X (https://www.virusbulletin.com/blog/2016/september/paper-behavioural-detection-and-prevention-malware-os-x/)
Security on OSX and iOS (https://www.youtube.com/watch?v=fdxxPRbXPsI)
⟡ Slides (https://www.slideshare.net/nosillacast/security-on-the-mac)
Thunderstrike (https://trmm.net/Thunderstrike_31c3)
⟡ Video (https://www.youtube.com/watch?v=5BrdX7VdOr0), hacking Mac's extensible firmware interface (EFI)
Direct Memory Attack the Kernel (https://github.com/ufrisk/presentations/blob/master/DEFCON-24-Ulf-Frisk-Direct-Memory-Attack-the-Kernel-Final.pdf)
Don't trust your eye, Apple graphics is compromised (https://speakerdeck.com/marcograss/dont-trust-your-eye-apple-graphics-is-compromised)
⟡ Security flaws in IOKit's graphics acceleration that lead to exploitation from the browser
Fuzzing and Exploiting OSX Vulnerabilities for Fun and Profit: Complementary Active & Passive Fuzzing (https://www.slideshare.net/PacSecJP/moony-li-pacsec18?qid=15552f01-6655-4555-9894-597d62fd803c)
Strolling into Ring-0 via I/O Kit Drivers (https://speakerdeck.com/patrickwardle/o-kit-drivers)
Juice Jacking (https://www.youtube.com/watch?v=TKAgemHyq8w)
Attacking OSX for fun and profit: tool set limitations, frustration and table flipping, by Dan Tentler (https://www.youtube.com/watch?v=9T_2KYox9Us)
⟡ Follow-up from target (https://www.youtube.com/watch?v=bjYhmX_OUQQ)
Building an EmPyre with Python (https://www.youtube.com/watch?v=79qzgVTP3Yc)
PoisonTap (https://www.youtube.com/watch?v=Aatp5gCskvk)
Storing our Digital Lives - Mac Filesystems from MFS to APFS (https://www.youtube.com/watch?v=uMfmgcnrn24)
⟡ Slides (http://macadmins.psu.edu/files/2017/07/psumac2017-174-Storing-our-digital-lives-Mac-filesystems-from-MFS-to-APFS.key-254bf2y.pdf)
Collection of mac4n6 papers/presentations (https://drive.google.com/drive/folders/0B37-sa0Wh9_TdjVSbzRvMEVGQ2c)
The Underground Economy of Apple ID (https://www.youtube.com/watch?v=4acVKs9WPts)
iOS of Sauron: How iOS Tracks Everything You Do (https://www.youtube.com/watch?v=D6cSiHpvboI)
macOS/iOS Kernel Debugging and Heap Feng Shui (https://github.com/zhengmin1989/MyArticles/blob/master/PPT/DEFCON-25-Min-Spark-Zheng-macOS-iOS-Kernel-Debugging.pdf)
Billy Ellis iOS/OSX hacking YouTube channel (https://www.youtube.com/channel/UCk2sx_3FUkKvDGlIhdUQa8A)
A Technical Autopsy of the Apple - FBI Debate using iPhone forensics | SANS DFIR Webcast (https://www.youtube.com/watch?v=_q_2mN8U91o)
Jailbreaking Apple Watch at DEFCON-25 (https://www.youtube.com/watch?v=eJpbi-Qz6Jc)
SandScout: Automatic Detection of Flaws in iOS Sandbox Profiles (http://www.icri-sc.org/fileadmin/user_upload/Group_TRUST/PubsPDF/sandscout-final-ccs-2016.pdf)
⟡ An exploration of sandbox protection policies
⟡ Presentation (https://www.youtube.com/watch?v=TnwXEDCIowQ)
Virus and exploit writeups
Detailed Analysis of macOS/iOS Vulnerability CVE-2019-6231 (https://www.fortinet.com/blog/threat-research/detailed-analysis-of-macos-ios-vulnerability-cve-2019-6231.html)
⟡ Exploration of QuartzCore/CoreAnimation flaw leading to a malicious application being able to read restricted memory.
kernelcache laundering (https://github.com/Synacktiv-contrib/kernelcache-laundering)
⟡ Load iOS12 kernelcaches and PAC code in IDA
blanket (https://github.com/bazad/blanket)
⟡ Proof of concept for CVE-2018-4280: Mach port replacement vulnerability in launchd on iOS 11.2.6
Proof of Concept for Remote Code Execution in WebContent (https://github.com/externalist/exploit_playground/blob/master/CVE-2018-4233/pwn_i8.js)
⟡ MachO tricks (https://iokit.racing/machotricks.pdf) - Appears to be slides from a presentation that ends with the CVE listed above
There's Life in the Old Dog Yet: Tearing New Holes into Intel/iPhone Cellular Modems (https://comsecuris.com/blog/posts/theres_life_in_the_old_dog_yet_tearing_new_holes_into_inteliphone_cellular_modems/)
⟡ How the public warning system can be used as an attack vector
I can be Apple, and so can you (https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/)
⟡ An exploration of a code signing vulnerability in macOS that has persisted for 11 years
⟡ Creating signed and customized backdoored macOS apps (https://medium.com/@adam.toscher/creating-signed-and-customized-backdoored-macos-applications-by-abusing-apple-developer-tools-b4cbf1a98187)
Leveraging emond on macOS for persistence (https://posts.specterops.io/leveraging-emond-on-macos-for-persistence-a040a2785124)
APFS credential leak vulnerability (https://www.mac4n6.com/blog/2018/3/21/uh-oh-unified-logs-in-high-sierra-1013-show-plaintext-password-for-apfs-encrypted-external-volumes-via-disk-utilityapp)
⟡ A flaw in Unified Logs leaks the password for encrypted APFS volumes
A fun XNU infoleak (https://bazad.github.io/2018/03/a-fun-xnu-infoleak/)
Meltdown
⟡ CPU flaw allowing kernel memory to be accessed by hijacking speculative execution
⟡ Proof of concept (https://github.com/gkaindl/meltdown-poc)
⟡ Apple's statement (https://support.apple.com/en-us/HT208394)
⟡ Measuring OSX meltdown patches performance (https://reverse.put.as/2018/01/07/measuring-osx-meltdown-patches-performance/)
⟡ iPhone performance after Spectre patch (https://www.gsmarena.com/spectre_and_meltdown_testing_performance_impact_on_iphone_8_plus-news-29132.php)
Flashback (https://www.cnet.com/news/more-than-600000-macs-infected-with-flashback-botnet/)
⟡ Detailed analysis (https://www.intego.com/mac-security-blog/more-about-the-flashback-trojan-horse/)
Flashback pt 2 (https://www.intego.com/mac-security-blog/flashback-botnet-is-adrift/)
iWorm (https://www.thesafemac.com/iworm-method-of-infection-found/)
⟡ Detailed analysis (https://www.intego.com/mac-security-blog/iworm-botnet-uses-reddit-as-command-and-control-center/)
Thunderbolt (https://www.theregister.co.uk/2015/01/08/thunderstrike_shocks_os_x_with_first_firmware_bootkit/)
⟡ Firmware bootkit
Malware in firmware: how to exploit a false sense of security (https://www.welivesecurity.com/2017/10/19/malware-firmware-exploit-sense-security/)
⟡ A post on the resurgence of bootkits and how to defend against them
Proton RAT (https://www.cybereason.com/blog/labs-proton-b-what-this-mac-malware-actually-does)
⟡ Exploration of a Remote Access Toolkit
Mokes (https://thehackernews.com/2016/09/cross-platform-malware.html)
MacKeeper (https://www.cultofmac.com/170522/is-mackeeper-really-a-scam/)
OpinionSpy (https://www.thesafemac.com/opinionspy-is-back/)
Eleanor (https://blog.malwarebytes.com/cybercrime/2016/07/new-mac-backdoor-malware-eleanor/)
Mac Defender (https://macsecurity.net/view/79-remove-mac-defender-virus-from-mac-os-x)
Wire Lurker (https://www.paloaltonetworks.com/resources/research/unit42-wirelurker-a-new-era-in-ios-and-os-x-malware.html)
KeRanger (https://techcrunch.com/2016/03/07/apple-has-shut-down-the-first-fully-functional-mac-os-x-ransomware/)
⟡ First OSX ransomware
Proof-of-concept USB attack (https://www.ehackingnews.com/2016/09/a-usb-device-can-steal-credentials-from.html)
Dark Jedi (https://reverse.put.as/2015/05/29/the-empire-strikes-back-apple-how-your-mac-firmware-security-is-completely-broken/)
⟡ EFI attack that exploits a vulnerability in the suspend-resume cycle; Sentinel One write-up (https://www.sentinelone.com/blog/reverse-engineering-mac-os-x/)
XAgent Mac Malware Used In APT-28 (https://labs.bitdefender.com/2017/02/new-xagent-mac-malware-linked-with-the-apt28/)
⟡ Samples (http://contagiodump.blogspot.com/2017/02/russian-apt-apt28-collection-of-samples.html)
Juice Jacking (https://www.howtogeek.com/166497/htg-explains-what-is-juice-jacking-and-how-worried-should-you-be/)
Local Privilege Escalation for macOS 10.12.2 and XNU port Feng Shui (https://github.com/zhengmin1989/macOS-10.12.2-Exp-via-mach_voucher)
Ian Beer, Google Project Zero: "A deep-dive into the many flavors of IPC available on OS X." (https://www.youtube.com/watch?v=D1jNCy7-g9k)
⟡ Deep dive into the interprocess communication and its design flaws
PEGASUS iOS Kernel Vulnerability Explained (https://sektioneins.de/en/blog/16-09-02-pegasus-ios-kernel-vulnerability-explained.html)
Analysis of iOS.GuiInject Adware Library (https://www.sentinelone.com/blog/analysis-ios-guiinject-adware-library/)
Broadpwn (https://blog.exodusintel.com/2017/07/26/broadpwn/)
⟡ Gaining access through the wireless subsystem
Reverse Engineering and Abusing Apple Call Relay Protocol (https://www.martinvigo.com/diy-spy-program-abusing-apple-call-relay-protocol/)
⟡ Details the discovery of a vulnerability in Apple's Call handoff between mobile and desktop through analyzing network traffic.
Exploiting the Wifi Stack on Apple Devices
⟡ Google's Project Zero series of articles that detail vulnerabilities in the wireless stack used by Apple devices
  ⟡ Over The Air: Exploiting Broadcoms Wi-Fi Stack (Part 1) (https://googleprojectzero.blogspot.com/2017/04/over-air-exploiting-broadcoms-wi-fi_4.html)
  ⟡ Over The Air: Exploiting Broadcoms Wi-Fi Stack (Part 2) (https://googleprojectzero.blogspot.com/2017/04/over-air-exploiting-broadcoms-wi-fi_11.html)
  ⟡ Over The Air - Vol. 2, Pt. 1: Exploiting The Wi-Fi Stack on Apple Devices (https://googleprojectzero.blogspot.com/2017/09/over-air-vol-2-pt-1-exploiting-wi-fi.html)
  ⟡ Over The Air - Vol. 2, Pt. 2: Exploiting The Wi-Fi Stack on Apple Devices (https://googleprojectzero.blogspot.com/2017/10/over-air-vol-2-pt-2-exploiting-wi-fi.html)
  ⟡ Over The Air - Vol. 2, Pt. 3: Exploiting The Wi-Fi Stack on Apple Devices (https://googleprojectzero.blogspot.com/2017/10/over-air-vol-2-pt-3-exploiting-wi-fi.html)
ChaiOS bug (https://www.grahamcluley.com/chaios-bug-crash-ios-macos-messages/)
⟡ A message that crashes iMessage
⟡ Looks similar to previous bugs (https://arstechnica.com/gadgets/2013/08/rendering-bug-crashes-os-x-and-ios-apps-with-string-of-arabic-characters/) (https://www.intego.com/mac-security-blog/crash-text-message-iphone/) triggered by rendering Arabic characters
Useful tools and guides
Mac@IBM (https://github.com/IBM/mac-ibm-enrollment-app)
⟡ Mac enrollment helper provided by IBM
mOSL (https://github.com/0xmachos/mOSL)
⟡ Audit and fix macOS High Sierra (10.13.x) security settings
Darling (https://github.com/darlinghq/darling)
⟡ Darwin/macOS emulation layer for Linux
Kemon (https://github.com/didi/kemon)
⟡ Open source kernel monitoring
jelbrektime (https://github.com/kai5263499/jelbrekTime)
⟡ Developer jailbreak for Apple Watch
Booting Secure (http://michaellynn.github.io/2018/07/27/booting-secure/)
⟡ Deep dive into Secure Boot on 2018 MacBook Pro
Tutorial - emulate an iOS kernel in QEMU up to launchd and userspace (https://worthdoingbadly.com/xnuqemu2/)
⟡ Tutorial on getting an iOS kernel to run in QEMU
xnumon (https://www.roe.ch/xnumon)
⟡ Monitor macOS for malicious activity
⟡ Source (https://github.com/droe/xnumon)
DetectX (https://sqwarq.com/detectx/)
⟡ Audits system artifacts to help you identify unknown and novel threats
Are you really signed? (https://github.com/Sentinel-One/macos-are-you-really-signed)
⟡ Utility to test for code-sign bypass vulnerability
osx security growler (https://github.com/pirate/security-growler)
⟡ Mac menubar item that lets you know about security events on your system
mac-a-mal (https://github.com/phdphuc/mac-a-mal)
⟡ Automated malware analysis on macOS
jrswizzle (https://github.com/rentzsch/jrswizzle)
⟡ Method swizzling (exchanging Objective-C method implementations)
MacDBG (https://github.com/blankwall/MacDBG)
⟡ C and Python debugging framework for OSX
bitcode_retriever (https://github.com/AlexDenisov/bitcode_retriever)
⟡ store and retrieve bitcode from Mach-O binary
machotools (https://github.com/enthought/machotools)
⟡ retrieve and change information about mach-o files
onyx-the-black-cat (https://github.com/acidanthera/onyx-the-black-cat) (outdated original (https://github.com/gdbinit/onyx-the-black-cat))
⟡ kernel module for OSX to defeat anti-debugging protection
create-dmg (https://github.com/andreyvit/create-dmg)
⟡ CLI utility for creating and modifying DMG files
dmg2iso (https://sourceforge.net/projects/dmg2iso/?source=typ_redirect)
⟡ convert dmg to iso
Infosec Homebrew (https://github.com/kai5263499/homebrew-infosec)
⟡ Homebrew tap for security-related utilities
Awesome OSX Command Line (https://github.com/herrbischoff/awesome-macos-command-line)
⟡ Collection of really useful shell commands
Keychain dump (https://github.com/juuso/keychaindump)
⟡ Dump keychain credentials
KnockKnock (https://objective-see.com/products/knockknock.html)
⟡ Listing startup items. Also includes VirusTotal information
Lingon-X (https://www.peterborgapps.com/lingon/)
⟡ GUI for launchd
Hopper (https://www.hopperapp.com/)
⟡ Excellent OSX debugger (requires license)
Symhash (https://github.com/threatstream/symhash)
⟡ Python utility for generating imphash fingerprints for OSX binaries
KisMac2 (https://github.com/IGRSoft/KisMac2)
⟡ Wireless scanning and packet capturing
Passive fuzz framework (https://github.com/SilverMoonSecurity/PassiveFuzzFrameworkOSX)
⟡ Framework for fuzzing OSX kernel vulnerabilities, based on a passive inline-hook mechanism in kernel mode
Platypus (https://sveinbjorn.org/platypus)
⟡ GUI for generating .app bundles
createOSXinstallPkg (https://github.com/munki/createOSXinstallPkg)
⟡ CLI for generating .pkg installers
PoisonTap (https://github.com/samyk/poisontap)
Chipsec (https://github.com/chipsec/chipsec)
⟡ System firmware checker by Intel
Revisiting Mac OS X Kernel Rootkits by Phrack Magazine (http://phrack.org/issues/69/7.html)
⟡ A collection of OSX rootkit ideas
iPhone Data Protection in Depth (http://conference.hackinthebox.org/hitbsecconf2011ams/materials/D2T2%20-%20Jean-Baptiste%20Be%CC%81drune%20&%20Jean%20Sigwald%20-%20iPhone%20Data%20Protection%20in%20Depth.pdf)
Cycript (http://www.cycript.org/)
⟡ Remote control library for fuzz testing iOS apps
ChaoticMarch (https://github.com/synack/chaoticmarch)
⟡ Blackbox fuzz testing for iOS apps (requires jailbreak)
iOS backup decrypt script (https://stackoverflow.com/questions/1498342/how-to-decrypt-an-encrypted-apple-itunes-iphone-backup)
⟡ Contains a script for decrypting an encrypted iOS backup archive
Remote Packet Capture for iOS Devices (https://useyourloaf.com/blog/remote-packet-capture-for-ios-devices/)
⟡ Use a remote virtual interface to capture packets from a tethered iOS device
⟡ Python utility (https://thrysoee.dk/iospcap/)
⟡ Another python utility (https://github.com/gh2o/rvi_capture)
Pareto Security (https://paretosecurity.app/)
⟡ A MenuBar app to automatically audit your Mac for basic security hygiene.
Mana Security (https://manasecurity.com/)
⟡ Vulnerability Management app for individuals. It helps to keep macOS and installed applications updated.
cnspec (https://cnspec.io/)
⟡ Open source vulnerability and misconfiguration scanning for macOS hosts + much more.
Intro to iOS Malware Detection (https://8ksec.io/mobile-malware-analysis-part-4-intro-to-ios-malware-detection/)
⟡ iOS malware, its types, methods of gathering forensics information
ipsw Walkthrough (https://8ksec.io/ipsw-walkthrough-part-1-the-swiss-army-knife-for-ios-macos-security-research/)
⟡ Part one, covering basic uses of the ipsw tool
Remote Access Toolkits
Empyre (https://github.com/EmpireProject/EmPyre)
Bella (https://github.com/kai5263499/Bella)
Stitch (https://nathanlopez.github.io/Stitch/)
Pupy (https://github.com/n1nj4sec/pupy)
EggShell surveillance tool (https://github.com/neoneggplant/EggShell)
⟡ Works on OSX and jailbroken iOS
EvilOSX (https://github.com/Marten4n6/EvilOSX)
⟡ Pure Python post-exploitation toolkit
Worth following on Twitter
⟡ @patrickwardle (https://twitter.com/patrickwardle)
⟡ @objective_see (https://twitter.com/objective_see)
⟡ @0xAmit (https://twitter.com/0xAmit)
⟡ @osxreverser (https://twitter.com/osxreverser)
⟡ @liucoj (https://twitter.com/liucoj)
⟡ @osxdaily (https://twitter.com/osxdaily)
⟡ @iamevltwin (https://twitter.com/iamevltwin)
⟡ @claud_xiao (https://twitter.com/claud_xiao)
⟡ @JPoForenso (https://twitter.com/JPoForenso)
⟡ @patrickolsen (https://twitter.com/patrickolsen)
Other OSX Awesome lists
⟡ ashishb/osx-and-ios-security-awesome (https://github.com/ashishb/osx-and-ios-security-awesome)