NSEcho / cshelperenumerate
Enumerate running processes using com.apple.CodeSigningHelper
☆13Updated 5 months ago
Related projects: ⓘ
- Swift implementation of in-memory Mach-O loading on macOS☆61Updated 2 years ago
- Discover which process execute a hunted binary inside macOS☆24Updated 2 years ago
- CVE-2020–9934 POC☆20Updated 4 years ago
- ObjectiveC CLI tool for interacting with macOS Keychain☆71Updated last year
- ☆39Updated 2 months ago
- Use "Full Disk Access" permissions to read the contents of TCC.db and display it in human-readable format☆37Updated 3 years ago
- Scripts (python3 and Swift) for macOS to recursively check /Applications and also check /usr/local/bin, /usr/bin, and /usr/sbin for binar…☆90Updated 2 years ago
- Helper scripts to automate the extraction of YARA rules from XProtectRemediators☆18Updated 6 months ago
- ESF modular ingestion tool for development and research.☆33Updated 2 years ago
- ☆28Updated 3 months ago
- Uses Apple's MDM protocol to backdoor a device with a malicious profile.☆49Updated 2 years ago
- macOS codesigning translocation vulnerability.☆42Updated 2 years ago
- Software installation scripts for macOS systems that allows you to setup a Virtual Machine (VM) for reverse engineering macOS malware☆28Updated 3 weeks ago
- machofile is a module to parse Mach-O binary files☆47Updated 7 months ago
- macOS Endpoint Security Message Analysis Tool☆45Updated 2 years ago
- Redirect spawned iOS application stdout and stderr to pty☆24Updated 8 months ago
- arm64 and arm64e dylib injector☆27Updated 7 months ago
- Utility to manipulate codesigned application in Mac OS X. Demonstrate the use of csops system call.☆69Updated 5 months ago
- Linking against PrivateFrameworks on macOS.☆15Updated 2 years ago
- My collection of PoCs☆24Updated 10 months ago
- A library to parse macOS LoginItems☆14Updated 2 years ago
- A RootKit for macOS that can perform kernel read/write, hook kernel and userspace functions, set custom conditional breakpoints, etc☆21Updated 2 years ago
- Discover DYLD_INSERT_LIBRARIES hijacks on macOS☆39Updated 2 years ago
- Hopper plugin to analyze ObjC runtime structures in the dyld_shared_cache☆22Updated 3 years ago
- Accompanying code for blog post "Mapping iOS Persistence Attack Surface using Corellium"☆9Updated 2 years ago
- This is a work-in-progress command line tool for reversing run-only AppleScripts. It will help parse the output of applescript-disassembl…☆61Updated 3 years ago
- Golang tool to dump useful information from a Mach-O binary☆35Updated 11 months ago
- Exploit for CVE-2023-32364☆21Updated 11 months ago
- ☆14Updated 11 months ago
- MacOS X process monitor using EndpointSecurity extension.☆33Updated 3 years ago