A ruleset to find potentially malicious code in macOS malware samples
☆40 · Aug 29, 2023 · Updated 2 years ago
Alternatives and similar repositories for macos-ttps-yara
Users that are interested in macos-ttps-yara are comparing it to the libraries listed below
- Mapping XProtect's obfuscated malware family names to common industry names. ☆94 · Nov 14, 2025 · Updated 3 months ago
- Run Sigma detection rules on logs from the new MacOS EndpointSecurity Framework ☆22 · Jan 22, 2021 · Updated 5 years ago
- HashiCorp-relevant rules for the Semgrep code analysis tool ☆41 · Oct 3, 2023 · Updated 2 years ago
- ☆12 · Jun 22, 2022 · Updated 3 years ago
- Loads a program into a memfd and runs it. ☆11 · May 22, 2022 · Updated 3 years ago
- ☆56 · Jul 1, 2024 · Updated last year
- ☆16 · Jul 17, 2024 · Updated last year
- Synapse Rapid Power-up for SinkDB ☆11 · Jun 24, 2025 · Updated 8 months ago
- A triage data collection script for macOS ☆29 · Nov 27, 2020 · Updated 5 years ago
- ☆11 · Jun 22, 2023 · Updated 2 years ago
- A malware scanner with Yara and ClamAV binding ☆12 · Apr 16, 2025 · Updated 10 months ago
- Welcome to the Pressidium® Yara Rules repository. This section contains a carefully curated collection of Yara rules specifically designe… ☆15 · Nov 5, 2023 · Updated 2 years ago
- The V0 rust IMAP + SMTP server that reads email via imap, generates a zk proofs either locally or on an on-demand AWS machine with modal,… ☆12 · Mar 27, 2024 · Updated last year
- Golang Shlyuz Implant Implementation ☆13 · May 23, 2025 · Updated 9 months ago
- A zero dependency and customizable Python library for scanning Windows and Linux process memory. ☆66 · Feb 1, 2024 · Updated 2 years ago
- Swift code to run a dylib on disk ☆16 · May 9, 2022 · Updated 3 years ago
- PoC of injecting code into a running Linux process ☆23 · Sep 11, 2019 · Updated 6 years ago
- Conceptual Methods for Finding Commonalities in Macho Files ☆12 · Mar 21, 2024 · Updated last year
- JXA situational awareness helper by simply reading specific files on a filesystem ☆82 · Feb 17, 2026 · Updated 2 weeks ago
- This is a little plugin to copy disassembly in a way that is usable in YARA rules! ☆48 · Apr 14, 2025 · Updated 10 months ago
- ForgeArmory provides TTPs that can be used with the TTPForge (https://github.com/facebookincubator/ttpforge). ☆121 · Feb 17, 2026 · Updated 2 weeks ago
- ☆21 · Nov 7, 2023 · Updated 2 years ago
- Collection of Slides From My Conference Talks ☆20 · Nov 21, 2022 · Updated 3 years ago
- JXA script based on research by Jeff Johnson on leveraging TextEdit to remove quarantine attributes on files. Jeff's original research is… ☆17 · Jan 31, 2021 · Updated 5 years ago
- macOS Endpoint Security Message Analysis Tool ☆47 · Jan 31, 2022 · Updated 4 years ago
- Phorion Kronos is a macOS security tool designed to enhance Apple's Transparency Consent and Control (TCC) security and privacy mechanism… ☆80 · Nov 21, 2023 · Updated 2 years ago
- Shellcode reflective DLL injection in Rust ☆27 · Dec 26, 2025 · Updated 2 months ago
- reboot of https://github.com/Genetic-Malware/Ebowla in order to simplify / modernize the codebase and provide ongoing support ☆23 · Sep 15, 2021 · Updated 4 years ago
- Casting light on shadow cloud deployments. Detect exposure of resources deployed in AWS. ☆26 · Jan 19, 2026 · Updated last month
- AWS Testing and Reporting Management Tool ☆20 · Jan 23, 2023 · Updated 3 years ago
- Presentation materials for talks I've given. ☆20 · Oct 14, 2019 · Updated 6 years ago
- Bash Script to extract GNU/Linux forensic artifacts for digital forensic analysis and incident response. ☆43 · Jul 5, 2023 · Updated 2 years ago
- Collection of my Security Blueprints & Guides ☆52 · Oct 2, 2025 · Updated 5 months ago
- Aftermath is a free macOS IR framework ☆569 · Sep 25, 2025 · Updated 5 months ago
- Proof-of-concept code for research into GitHub Actions Cache poisoning. ☆21 · Mar 9, 2025 · Updated 11 months ago
- Track Apple software update changes with Github Actions ☆27 · Feb 11, 2022 · Updated 4 years ago
- A bare minimum example of handling incoming emails over SMTP with elixir. ☆21 · Nov 3, 2017 · Updated 8 years ago
- MQTT broker ☆11 · Jan 7, 2026 · Updated last month
- A cross platform parser for Apple UnifiedLogs! ☆331 · Feb 15, 2026 · Updated 2 weeks ago