ald3ns / XPR-dumpLinks
Helper scripts to automate the extraction of YARA rules from XProtectRemediators
☆20Updated last year
Alternatives and similar repositories for XPR-dump
Users that are interested in XPR-dump are comparing it to the libraries listed below
Sorting:
- Software installation scripts for macOS systems that allows you to setup a Virtual Machine (VM) for reverse engineering macOS malware☆32Updated 4 months ago
- Enumerate Location Services using CoreLocation API on macOS☆18Updated 3 years ago
- ☆49Updated 11 months ago
- machofile is a module to parse Mach-O binary files☆51Updated last year
- ☆31Updated 11 months ago
- Discover which process execute a hunted binary inside macOS☆24Updated 3 years ago
- A minimal malware analysis sandbox for macOS☆29Updated 2 years ago
- Swift implementation of in-memory Mach-O loading on macOS☆63Updated 2 years ago
- A Ghidra extension for reverse-engineering macOS binaries.☆19Updated 4 months ago
- Use "Full Disk Access" permissions to read the contents of TCC.db and display it in human-readable format☆39Updated 3 years ago
- Repository for Flare-On challenges and solutions/code☆9Updated 6 months ago
- ESF modular ingestion tool for development and research.☆35Updated 3 years ago
- ☆86Updated 8 months ago
- A simple macOS debugger detection trick☆12Updated last month
- A JXA script for enumerating running processes, printed out in a json, parent-child tree.☆13Updated 3 years ago
- macOS third-party software vulnerabilities I have discovered☆13Updated last year
- Slides and material from my conference presentations☆16Updated last year
- macOS codesigning translocation vulnerability.☆42Updated 3 years ago
- PoC of macho loading from memory☆56Updated 6 months ago
- Examples of programmatically interacting with ioreg and sysctl to query system info☆10Updated 3 years ago
- One-Click to Completely Take Over A macOS Device☆17Updated 2 years ago
- Swift code to run a dylib on disk☆16Updated 3 years ago
- JXA implementation of some SwiftBelt functions. Author: Cedric Owens☆44Updated last year
- ☆13Updated 4 years ago
- A Swift port of some of the original PersistentJXA projects by D00MFist. Original PersistentJXA repo: https://github.com/D00MFist/Persist…☆32Updated 4 years ago
- Decrypt encrypted SonicOSX firmware images☆15Updated 3 months ago
- ☆18Updated 4 years ago
- ObjectiveC CLI tool for interacting with macOS Keychain☆78Updated 2 years ago
- Swift code to programmatically execute local or hosted JXA payloads from Terminal without using the on-disk osascript binary.☆24Updated 4 years ago
- Help deobfuscate VBScript☆15Updated 2 years ago