mellow-hype / santa-linux
A proof-of-concept Linux clone of Santa, Google's binary authorization system for macOS
☆30Updated 2 years ago
Alternatives and similar repositories for santa-linux:
Users that are interested in santa-linux are comparing it to the libraries listed below
- Tools to measure an app's App Sandbox usage☆24Updated 4 years ago
- Checks for tpm vulnerabilities☆37Updated 2 years ago
- LKRG bypass methods☆71Updated 5 years ago
- A minimal malware analysis sandbox for macOS☆28Updated 2 years ago
- An eBPF detection program for CVE-2022-0847☆28Updated 2 years ago
- insject is a tool for poking at containers. It enables you to run an arbitrary command in a container or any mix of Linux namespaces.☆50Updated 3 years ago
- Apple's crashwrangler with support for Apple Silicon☆32Updated 4 years ago
- Golang command line tool for the macOS Endpoint Security Framework☆29Updated 5 years ago
- Helper scripts to automate the extraction of YARA rules from XProtectRemediators☆19Updated last year
- Discover which process execute a hunted binary inside macOS☆24Updated 3 years ago
- macOS XProtect definition files☆40Updated 2 years ago
- ☆26Updated last year
- Python bindings for yescrypt: memory-hard, NIST-compliant password hashing☆11Updated last year
- macOS Endpoint Security Message Analysis Tool☆45Updated 3 years ago
- Golang Tool to interact with Launchd and other services with XPC☆29Updated 4 years ago
- crashmon - A LLDB Based replacement for CrashWrangler☆46Updated last year
- macOS Sandbox Profile Language (SBPL) Interpreter☆53Updated 4 years ago
- Nice (ish) bindings for the EndpointSecurity framework on macOS for Rust.☆21Updated last year
- egrets monitors egress☆46Updated 4 years ago
- ☆15Updated 6 months ago
- The Art of Mac Malware☆40Updated this week
- Software installation scripts for macOS systems that allows you to setup a Virtual Machine (VM) for reverse engineering macOS malware☆30Updated 2 months ago
- Whitelisting LD_PRELOAD libraries using LD_AUDIT☆62Updated 3 years ago
- Use "Full Disk Access" permissions to read the contents of TCC.db and display it in human-readable format☆39Updated 3 years ago
- macOS codesigning translocation vulnerability.☆42Updated 3 years ago
- Miscellaneous one-off scripts, exploits, tools, sample code, ...☆10Updated 6 years ago
- GreenLambert macOS IDA plugin to deobfuscate strings☆12Updated 3 years ago
- Pulled out Linux kernel code to run in userland so they could be targeted by AFL and KLEE☆19Updated 5 years ago
- ☆31Updated 3 years ago
- ☆31Updated 9 months ago