macOS persistence tool
☆229Feb 9, 2022Updated 4 years ago
Alternatives and similar repositories for PoisonApple
Users that are interested in PoisonApple are comparing it to the libraries listed below
Sorting:
- Collection of macOS persistence methods and miscellaneous tools in JXA☆288Aug 3, 2023Updated 2 years ago
- Payload designed for targeting Jamf enrolled devices.☆39May 19, 2023Updated 2 years ago
- ObjectiveC CLI tool for interacting with macOS Keychain☆82Oct 10, 2022Updated 3 years ago
- A macOS enumeration tool inspired by harmjoy's Windows-based Seatbelt enumeration tool. Author: Cedric Owens☆341Apr 28, 2022Updated 3 years ago
- JXA script to allow programmatic persistence via macOS Calendar.app alerts.☆44Oct 31, 2020Updated 5 years ago
- macOS Initial Access Payload Generator☆323Jan 10, 2024Updated 2 years ago
- Use "Full Disk Access" permissions to read the contents of TCC.db and display it in human-readable format☆40Jul 27, 2021Updated 4 years ago
- ☆15May 26, 2021Updated 4 years ago
- A JXA script for enumerating running processes, printed out in a json, parent-child tree.☆14Jan 28, 2022Updated 4 years ago
- Proxy Unix applications in the terminal☆116Apr 14, 2021Updated 4 years ago
- Execute MachO binaries in memory using CGo☆79May 24, 2021Updated 4 years ago
- PCIDriverKit proof-of-concept for CVE-2022-26763☆37Jul 2, 2022Updated 3 years ago
- ☆108Oct 14, 2021Updated 4 years ago
- Self-developed tools for Lateral Movement/Code Execution☆719Aug 17, 2021Updated 4 years ago
- Red Team tool for exfiltrating the target organization's Google People Directory that you have access to, via Google's API.☆58Sep 2, 2021Updated 4 years ago
- Overlord - Red Teaming Infrastructure Automation☆628May 28, 2024Updated last year
- Browser based rce for iOS <= 14.3☆10May 26, 2025Updated 9 months ago
- JXA situational awareness helper by simply reading specific files on a filesystem☆82Feb 17, 2026Updated last month
- Swift code to programmatically perform dylib injection☆52Oct 29, 2022Updated 3 years ago
- Zoom Persistence Aggressor and Handler☆55Mar 24, 2021Updated 4 years ago
- Uses Apple's MDM protocol to backdoor a device with a malicious profile.☆57Oct 12, 2021Updated 4 years ago
- ☆121Jun 17, 2022Updated 3 years ago
- Router socks. One port socks for all the others.☆69May 22, 2024Updated last year
- d(ockerp)wn - a docker pwn tool manager☆156Jun 8, 2021Updated 4 years ago
- Pass the Hash to a named pipe for token Impersonation☆146May 1, 2021Updated 4 years ago
- Rules Shared by the Community from 100 Days of YARA 2023 -☆18Apr 10, 2023Updated 2 years ago
- A VSCode devcontainer for development of COFF files with batteries included.☆50Jul 10, 2023Updated 2 years ago
- Example VBA Macro for MacOS Mojave☆67Oct 31, 2018Updated 7 years ago
- ☆576Jul 12, 2025Updated 8 months ago
- JXA script for Mythic that prints the TCC.db☆15Apr 18, 2021Updated 4 years ago
- (kinda) Malicious Outlook Reader☆138Mar 3, 2021Updated 5 years ago
- Run Sigma detection rules on logs from the new MacOS EndpointSecurity Framework☆22Jan 22, 2021Updated 5 years ago
- Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in "living off the land" ma…☆526Feb 25, 2026Updated 3 weeks ago
- Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels, while still providing integration with existing…☆1,735Jan 16, 2026Updated 2 months ago
- A PE/ELF/MachO Crypter for x86 and x86_64 Based on Radare2☆139Jan 5, 2023Updated 3 years ago
- A Swift port of some of the original PersistentJXA projects by D00MFist. Original PersistentJXA repo: https://github.com/D00MFist/Persist…☆34Apr 15, 2021Updated 4 years ago
- ☆17Sep 10, 2021Updated 4 years ago
- credential dump using foreshaw technique using SeTrustedCredmanAccessPrivilege☆123May 22, 2021Updated 4 years ago
- Cobalt Strike C2 Reverse proxy that fends off Blue Teams, AVs, EDRs, scanners through packet inspection and malleable profile correlation☆991Oct 7, 2022Updated 3 years ago