A Swift port of some of the original PersistentJXA projects by D00MFist. Original PersistentJXA repo: https://github.com/D00MFist/PersistentJXA
☆34Apr 15, 2021Updated 4 years ago
Alternatives and similar repositories for Persistent-Swift
Users that are interested in Persistent-Swift are comparing it to the libraries listed below
Sorting:
- Swift code to programmatically execute local or hosted JXA payloads from Terminal without using the on-disk osascript binary.☆23Apr 22, 2021Updated 4 years ago
- JXA script to allow programmatic persistence via macOS Calendar.app alerts.☆44Oct 31, 2020Updated 5 years ago
- Swift code to run a dylib on disk☆16May 9, 2022Updated 3 years ago
- This repository contains the technique presented at SOCON2025 for stealing cookies silently from MacOS Sequoia with only root privileges☆12Mar 27, 2025Updated 11 months ago
- A JXA script for enumerating running processes, printed out in a json, parent-child tree.☆14Jan 28, 2022Updated 4 years ago
- JXA and swift code that can perform some macOS situational awareness without generating TCC prompts.☆40Apr 20, 2022Updated 3 years ago
- It records your terminal, then lets you upload to ASHIRT☆29Feb 11, 2026Updated 2 weeks ago
- Collection of macOS persistence methods and miscellaneous tools in JXA☆288Aug 3, 2023Updated 2 years ago
- Cobalt Strike log state tracking, parsing, and storage☆24Jul 18, 2019Updated 6 years ago
- JXA implementation of some SwiftBelt functions. Author: Cedric Owens☆46Jun 22, 2023Updated 2 years ago
- Swift code to programmatically perform dylib injection☆52Oct 29, 2022Updated 3 years ago
- JXA script based on research by Jeff Johnson on leveraging TextEdit to remove quarantine attributes on files. Jeff's original research is…☆17Jan 31, 2021Updated 5 years ago
- extracts shellcode from a nasm compile macho binary☆17Jan 28, 2021Updated 5 years ago
- Red Team tool for exfiltrating the target organization's Google People Directory that you have access to, via Google's API.☆58Sep 2, 2021Updated 4 years ago
- Apfell POC Chrome Extension Payload☆10Jun 24, 2020Updated 5 years ago
- Assorted, MIT licensed, threat hunting rules from @bradleyjkemp☆14Mar 11, 2022Updated 3 years ago
- ☆15Jul 20, 2022Updated 3 years ago
- RDI implementation in Nim☆64Dec 12, 2020Updated 5 years ago
- DLL hijacking vulnerability scanner and PE infector tool☆20Sep 8, 2017Updated 8 years ago
- Python3 script to generate a macro to launch a Mythic payload. Author: Cedric Owens☆48Apr 15, 2021Updated 4 years ago
- ☆21Feb 27, 2021Updated 5 years ago
- If you have any questions, please open an issue.☆25Apr 6, 2022Updated 3 years ago
- JXA situational awareness helper by simply reading specific files on a filesystem☆82Feb 17, 2026Updated last week
- ☆121Jun 17, 2022Updated 3 years ago
- Implementation of b4rtiks's SharpMiniDump using NTFS transactions to avoid writting the minidump to disk and exfiltrating it via HTTPS us…☆71Nov 14, 2020Updated 5 years ago
- I used this to see if an EDR is running in Safe Mode☆36Feb 13, 2021Updated 5 years ago
- C# code to run PIC using CreateThread☆17Apr 19, 2019Updated 6 years ago
- A library to parse macOS LoginItems☆18Aug 28, 2022Updated 3 years ago
- YouTube/Livestream project for obfuscating C# source code using Roslyn☆129May 9, 2021Updated 4 years ago
- Objective C dylibHijackScanner and analysis tool☆40Jul 12, 2023Updated 2 years ago
- Unit tests for blue teams to aid with building detections for some common macOS post exploitation methods.☆109Oct 29, 2022Updated 3 years ago
- Catalog Red Team techniques that cause popups in various macOS versions☆15Nov 18, 2024Updated last year
- ☆15May 26, 2021Updated 4 years ago
- JXA script for Mythic that prints the TCC.db☆15Apr 18, 2021Updated 4 years ago
- Red Team Automation tool powered by go and terraform☆33May 26, 2021Updated 4 years ago
- A proof-of-concept tool that attempts to retrieve the configuration from the memory dump of an F-Secure C3 Relay executable.☆17Jul 2, 2021Updated 4 years ago
- Port of Invoke-Excel4DCOM☆104Oct 12, 2019Updated 6 years ago
- Windows PE - TLS (Thread Local Storage) Injector in C/C++☆108Jan 3, 2021Updated 5 years ago
- Use current thread token to execute command☆15Jan 27, 2021Updated 5 years ago