Mapping XProtect's obfuscated malware family names to common industry names.
☆94Nov 14, 2025Updated 3 months ago
Alternatives and similar repositories for XProtect-Malware-Families
Users that are interested in XProtect-Malware-Families are comparing it to the libraries listed below
Sorting:
- Helper scripts to automate the extraction of YARA rules from XProtectRemediators☆22Mar 5, 2024Updated 2 years ago
- A ruleset to find potentially malicious code in macOS malware samples☆40Aug 29, 2023Updated 2 years ago
- List of legitimate macOS apps doing not great things☆35Feb 11, 2022Updated 4 years ago
- ☆56Jul 1, 2024Updated last year
- macOS XProtect definition files☆40Mar 25, 2022Updated 3 years ago
- A cross platform parser for Apple UnifiedLogs!☆331Feb 15, 2026Updated 2 weeks ago
- Scripts (python3 and Swift) for macOS to recursively check /Applications and also check /usr/local/bin, /usr/bin, and /usr/sbin for binar…☆98Sep 14, 2022Updated 3 years ago
- A JXA script for enumerating running processes, printed out in a json, parent-child tree.☆14Jan 28, 2022Updated 4 years ago
- Decloak Linux stealth rootkits hiding data with this simple memory mapped IO investigation tool.☆29Sep 29, 2025Updated 5 months ago
- Conceptual Methods for Finding Commonalities in Macho Files☆12Mar 21, 2024Updated last year
- JavaScript for Automation (JXA) version of Patrick Wardle's tool that searches applications for dylib hijacking opportunities☆22Aug 6, 2019Updated 6 years ago
- ☆18Apr 4, 2019Updated 6 years ago
- File Monitor Library (based on Apple's new Endpoint Security Framework)☆375Oct 9, 2022Updated 3 years ago
- Swift code to programmatically perform dylib injection☆52Oct 29, 2022Updated 3 years ago
- A Threat hunter's playbook to aid the development of techniques and hypothesis for hunting campaigns.☆14Jul 18, 2018Updated 7 years ago
- Notifies the user when macOS Security components like Gatekeeper and XProtect have been updated☆61Mar 12, 2021Updated 4 years ago
- A library to parse macOS FsEvents☆24Aug 28, 2022Updated 3 years ago
- Process Monitor Library (based on Apple's new Endpoint Security Framework)☆493Oct 20, 2023Updated 2 years ago
- A module to expose the Endpoint Security library to Swift☆20Jul 10, 2019Updated 6 years ago
- Indicators of compromise relating to our report on APT10's targeting of global MSPs☆10Sep 26, 2017Updated 8 years ago
- Generic ransomware detector☆103Updated this week
- This is a work-in-progress command line tool for reversing run-only AppleScripts. It will help parse the output of applescript-disassembl…☆71Jan 12, 2021Updated 5 years ago
- a open source rat from china☆26Oct 28, 2016Updated 9 years ago
- ☆24Jul 17, 2025Updated 7 months ago
- Miscellaneous IDA scripts and projects☆15Apr 14, 2021Updated 4 years ago
- Queries for parsed spotlight database in sqlite☆13Dec 29, 2020Updated 5 years ago
- Test Azure environment for MFA misconfigurations☆12Jan 13, 2023Updated 3 years ago
- ☆12Oct 22, 2025Updated 4 months ago
- Python tool to find vulnerable AD object and generating csv report☆26Jul 4, 2022Updated 3 years ago
- Phorion Kronos is a macOS security tool designed to enhance Apple's Transparency Consent and Control (TCC) security and privacy mechanism…☆80Nov 21, 2023Updated 2 years ago
- Python scripts for parsing IDA TIL files.☆31Jul 16, 2021Updated 4 years ago
- A user-mode application authorization system for MacOS written in Swift☆301Sep 18, 2020Updated 5 years ago
- cloud-based interactive security exercises☆14Jul 13, 2020Updated 5 years ago
- A library for fast parse & import of Windows Master File Table($MFT) into Elasticsearch.☆12Jun 23, 2025Updated 8 months ago
- Every OS X/ macOS white paper☆114Apr 14, 2020Updated 5 years ago
- Slides and material from my conference presentations☆16Mar 30, 2024Updated last year
- Take a list of URIs and print all the of the paths☆10Aug 16, 2020Updated 5 years ago
- Duo MFA auditing tool to test users' likelihood of approving unexpected push notifications☆13Apr 20, 2018Updated 7 years ago
- ☆11Mar 12, 2021Updated 4 years ago