jamf / aftermath
Aftermath is a free macOS IR framework
☆498 · Updated 4 months ago
Alternatives and similar repositories for aftermath:
Users that are interested in aftermath are comparing it to the libraries listed below
- A repository for open-source resources created for use with or alongside Jamf Protect. ☆195 · Updated 3 weeks ago
- Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in "living off the land" ma… ☆456 · Updated 3 months ago
- ☆236 · Updated last month
- A binary authorization and monitoring system for macOS ☆175 · Updated last week
- AutoMacTC: Automated Mac Forensic Triage Collector ☆535 · Updated 3 years ago
- Production-ready detection & response queries for osquery ☆558 · Updated last week
- An osquery extension for endpoint engineers ☆105 · Updated last month
- ☆69 · Updated 3 years ago
- Suite of tools to facilitate attacks against the Jamf macOS management platform. ☆181 · Updated 4 years ago
- This is the integration to feed Falcon X IOC data into Zscaler's platform ☆14 · Updated 9 months ago
- Post-Infection Collection Toolkit ☆95 · Updated 2 years ago
- CIS Benchmarks for macOS Catalina ☆123 · Updated 6 months ago
- ☆100 · Updated 2 years ago
- Dorothy is a tool to test security monitoring and detection for Okta environments ☆179 · Updated 7 months ago
- Swift binary that will change a local administrator password to a randomly generated password. Similar behavior to LAPS for Windows ☆404 · Updated last month
- The CrowdStrike Falcon SDK for Python ☆396 · Updated this week
- Unleash the power of the Falcon Platform at the CLI ☆116 · Updated last month
- A command line tool for pstree-like output on macOS with additional pid capturing capabilities ☆251 · Updated 7 months ago
- osquery extensions by Trail of Bits ☆263 · Updated last year
- A serverless sync server for Santa, built on AWS ☆93 · Updated 4 months ago
- LotL RMM ☆152 · Updated last week
- Collection of useful Canary tools ☆77 · Updated last week
- SOFA | A MacAdmin's Simple Organized Feed for Apple Software Updates ☆227 · Updated this week
- Sublime rules for email attack detection, prevention, and threat hunting. ☆283 · Updated this week
- Mapping XProtect's obfuscated malware family names to common industry names. ☆84 · Updated 11 months ago
- Repository of attack and defensive information for Business Email Compromise investigations ☆249 · Updated 2 months ago
- A ruleset to find potentially malicious code in macOS malware samples ☆39 · Updated last year
- Aftermath is a free macOS incident response framework ☆31 · Updated 3 months ago
- A macOS authorization plugin that helps MDM administrators ensure valid FileVault keys are escrowed for all their Macs. ☆231 · Updated 7 months ago
- Phorion Kronos is a macOS security tool designed to enhance Apple's Transparency Consent and Control (TCC) security and privacy mechanism… ☆72 · Updated last year