BlackSquirrelz / nidaba
Some thingy that copies macOS specific forensic artifacts to the location where the script is run from and also generates some folders. Best run on a USB Stick or external drive.
☆14Updated last week
Related projects ⓘ
Alternatives and complementary repositories for nidaba
- A minimal malware analysis sandbox for macOS☆26Updated last year
- Use "Full Disk Access" permissions to read the contents of TCC.db and display it in human-readable format☆38Updated 3 years ago
- machofile is a module to parse Mach-O binary files☆48Updated 9 months ago
- Parser fo macOS/iOS FSEvents Logs☆26Updated 6 months ago
- Software installation scripts for macOS systems that allows you to setup a Virtual Machine (VM) for reverse engineering macOS malware☆28Updated 3 weeks ago
- Tools for macOS Forensic Bootable media☆15Updated 4 years ago
- Helper scripts to automate the extraction of YARA rules from XProtectRemediators☆18Updated 8 months ago
- Forensic Artifact Collection Tool for macOS☆98Updated 2 months ago
- Slides and material from my conference presentations☆14Updated 7 months ago
- A small tool to easily mount APFS image on macOS for forensics.☆14Updated 4 years ago
- Swift Command line tool used for proactive detection of malicious activity on macOS systems.☆68Updated 4 years ago
- macOS Endpoint Security Message Analysis Tool☆44Updated 2 years ago
- Mapping XProtect's obfuscated malware family names to common industry names.☆82Updated 6 months ago
- ARDvark parses the Apple Remote Desktop (ARD) files to pull out application usage, user activity, and filesystem listings.☆34Updated last year
- Run Sigma detection rules on logs from the new MacOS EndpointSecurity Framework☆20Updated 3 years ago
- Just Another broken Registry Parser (JARP)☆16Updated 5 months ago
- Uses Apple's MDM protocol to backdoor a device with a malicious profile.☆50Updated 3 years ago
- Discover which process execute a hunted binary inside macOS☆24Updated 2 years ago
- Enumerate Location Services using CoreLocation API on macOS☆17Updated 2 years ago
- WLEAPP is an open source project that aims to parse Windows OS artifacts for the purpose of triage analysis.☆31Updated last year
- macOS forensic timeline generator using the analysis result DBs of mac_apt☆89Updated last year
- A JXA script for enumerating running processes, printed out in a json, parent-child tree.☆13Updated 2 years ago
- https://wojciechregula.blog/post/macos-red-teaming-get-ad-credentials-from-nomad/☆39Updated 2 years ago
- ☆30Updated 5 months ago
- A library to parse macOS LoginItems☆15Updated 2 years ago
- A Swift port of some of the original PersistentJXA projects by D00MFist. Original PersistentJXA repo: https://github.com/D00MFist/Persist…☆30Updated 3 years ago
- Windows 10 Live Information viewer☆33Updated 2 years ago
- Phorion Kronos is a macOS security tool designed to enhance Apple's Transparency Consent and Control (TCC) security and privacy mechanism…☆71Updated last year
- Scripts and tools created for appx analysis talk (Magnet summit 2019)☆13Updated 8 months ago
- ☆21Updated last month