jamf / aftermath
Aftermath is a free macOS IR framework
☆475 · Updated 5 months ago
Related projects
Alternatives and complementary repositories for aftermath
- A repository for open-source resources created for use with or alongside Jamf Protect. ☆188 · Updated 3 weeks ago
- ☆211 · Updated this week
- Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in "living off the land" ma… ☆439 · Updated 2 months ago
- An osquery extension for endpoint engineers ☆101 · Updated this week
- AutoMacTC: Automated Mac Forensic Triage Collector ☆532 · Updated 2 years ago
- ☆67 · Updated 3 years ago
- Unleash the power of the Falcon Platform at the CLI ☆113 · Updated 3 weeks ago
- A binary authorization and monitoring system for macOS ☆70 · Updated this week
- Swift binary that will change a local administrator password to a random generated password. Similar behavior to LAPS for Windows ☆385 · Updated 6 months ago
- The CrowdStrike Falcon SDK for Python ☆371 · Updated this week
- Sublime rules for email attack detection, prevention, and threat hunting. ☆256 · Updated this week
- Post-Infection Collection Toolkit ☆93 · Updated last year
- A ruleset to find potentially malicious code in macOS malware samples ☆39 · Updated last year
- ☆101 · Updated 2 years ago
- CIS Benchmarks for macOS Catalina ☆122 · Updated 2 months ago
- Suite of tools to facilitate attacks against the Jamf macOS management platform. ☆177 · Updated 3 years ago
- Mergen is an open-source, native macOS application for auditing and checking the security of your MacOS. ☆157 · Updated last year
- Mapping XProtect's obfuscated malware family names to common industry names. ☆82 · Updated 6 months ago
- A command line tool for pstree-like output on macOS with additional pid capturing capabilities ☆245 · Updated 2 months ago
- Production-ready detection & response queries for osquery ☆529 · Updated this week
- LotL RMM ☆96 · Updated this week
- SOFA | A MacAdmin's Simple Organized Feed for Apple Software Updates ☆173 · Updated this week
- SCuBA Secure Configuration Baselines and assessment tool for Google Workspace ☆160 · Updated this week
- A macOS authorization plugin that helps MDM administrators ensure valid FileVault keys are escrowed for all their Macs. ☆208 · Updated 2 months ago
- Software provided by the Solutions Engineering and Support teams at Kandji, Inc. ☆158 · Updated this week
- 🧭 The artifactcollector is a customizable agent to collect forensic artifacts on any Windows, macOS or Linux system ☆270 · Updated last month
- Aftermath is a free macOS incident response framework ☆29 · Updated 8 months ago
- ALFA stands for Automated Audit Log Forensic Analysis for Google Workspace. You can use this tool to acquire all Google Workspace audit l… ☆145 · Updated last week
- Simple Workspace Attack Tool (SWAT) is a tool for simulating malicious behavior against Google Workspace in reference to the MITRE ATT&CK… ☆161 · Updated last month
- Phorion Kronos is a macOS security tool designed to enhance Apple's Transparency Consent and Control (TCC) security and privacy mechanism… ☆71 · Updated 11 months ago