BlackSquirrelz / nidaba
Some thingy that copies macOS specific forensic artifacts to the location where the script is run from and also generates some folders. Best run on a USB Stick or external drive.
☆14Updated 2 years ago
Related projects: ⓘ
- A minimal malware analysis sandbox for macOS☆26Updated last year
- Parser fo macOS/iOS FSEvents Logs☆21Updated 4 months ago
- machofile is a module to parse Mach-O binary files☆47Updated 7 months ago
- Use "Full Disk Access" permissions to read the contents of TCC.db and display it in human-readable format☆37Updated 3 years ago
- Forensic Artifact Collection Tool for macOS☆95Updated this week
- Swift Command line tool used for proactive detection of malicious activity on macOS systems.☆68Updated 4 years ago
- Curated list of tools, techniques and resources related to Apple Security (macOS, iOS, iPadOS, tvOS, watchOS) aimed to help people with a…☆21Updated 11 months ago
- Software installation scripts for macOS systems that allows you to setup a Virtual Machine (VM) for reverse engineering macOS malware☆28Updated 3 weeks ago
- Helper scripts to automate the extraction of YARA rules from XProtectRemediators☆18Updated 6 months ago
- A small tool to easily mount APFS image on macOS for forensics.☆14Updated 4 years ago
- Tools for macOS Forensic Bootable media☆15Updated 4 years ago
- A triage data collection script for macOS☆25Updated 3 years ago
- Uses Apple's MDM protocol to backdoor a device with a malicious profile.☆49Updated 2 years ago
- Discover which process execute a hunted binary inside macOS☆24Updated 2 years ago
- Run Sigma detection rules on logs from the new MacOS EndpointSecurity Framework☆20Updated 3 years ago
- WLEAPP is an open source project that aims to parse Windows OS artifacts for the purpose of triage analysis.☆30Updated 10 months ago
- https://wojciechregula.blog/post/macos-red-teaming-get-ad-credentials-from-nomad/☆39Updated 2 years ago
- Just Another broken Registry Parser (JARP)☆15Updated 3 months ago
- ☆28Updated 3 months ago
- Enumerate Location Services using CoreLocation API on macOS☆16Updated 2 years ago
- Scripts and tools created for appx analysis talk (Magnet summit 2019)☆13Updated 6 months ago
- ARDvark parses the Apple Remote Desktop (ARD) files to pull out application usage, user activity, and filesystem listings.☆34Updated last year
- A Swift port of some of the original PersistentJXA projects by D00MFist. Original PersistentJXA repo: https://github.com/D00MFist/Persist…☆30Updated 3 years ago
- ☆17Updated this week
- macOS Endpoint Security Message Analysis Tool☆45Updated 2 years ago
- A library to parse macOS LoginItems☆14Updated 2 years ago
- Slides and material from my conference presentations☆13Updated 5 months ago
- A simple utility for stripping out either the SHA-1, MD5 or CRC values alone from the NSRL hash database☆14Updated 2 years ago
- JXA script to allow programmatic persistence via macOS Calendar.app alerts.☆40Updated 3 years ago
- ESF modular ingestion tool for development and research.☆33Updated 2 years ago