mellow-hype / santa-linux

Related projects: ⓘ

• theevilbit / macos
  ☆28Updated 3 months ago
• 0xbf00 / macos-sandbox-coverage
  Tools to measure an app's App Sandbox usage
  ☆23Updated 4 years ago
• xorrior / xpcutil
  Golang Tool to interact with Launchd and other services with XPC
  ☆27Updated 4 years ago
• ald3ns / XPR-dump
  Helper scripts to automate the extraction of YARA rules from XProtectRemediators
  ☆18Updated 6 months ago
• xorrior / goesf
  Golang command line tool for the macOS Endpoint Security Framework
  ☆29Updated 4 years ago
• prsecurity / macos_execute_from_memory
  ☆31Updated this week
• usbarmory / armory-drive
  F-Secure Armory Drive - USB encrypted drive with mobile unlock over BLE
  ☆54Updated 11 months ago
• vastlimits / esmat
  macOS Endpoint Security Message Analysis Tool
  ☆45Updated 2 years ago
• taviso / scanlimits
  Tool to examine the behaviour of setuid binaries under constrained limits.
  ☆62Updated 3 years ago
• nccgroup / insject
  insject is a tool for poking at containers. It enables you to run an arbitrary command in a container or any mix of Linux namespaces.
  ☆49Updated 2 years ago
• antitree / keyctl-unmask
  Going Florida on container keyring masks. A tool to demonstrate the ineffectivity containers have on isolating Linux Kernel keyrings.
  ☆43Updated last year
• immune-gmbh / tpm-vuln-checker
  Checks for tpm vulnerabilities
  ☆35Updated last year
• ancat / egrets
  egrets monitors egress
  ☆45Updated 4 years ago
• netspooky / notes
  ☆25Updated last year
• mcarmanize / esfriend
  A minimal malware analysis sandbox for macOS
  ☆26Updated last year
• knightsc / XProtect
  macOS XProtect definition files
  ☆38Updated 2 years ago
• airbus-cert / dirtypipe-ebpf_detection
  An eBPF detection program for CVE-2022-0847
  ☆27Updated 2 years ago
• slyd0g / SwiftParseTCC
  Use "Full Disk Access" permissions to read the contents of TCC.db and display it in human-readable format
  ☆37Updated 3 years ago
• f0rki / bn-goloader
  go reversing helpers for binaryninja
  ☆25Updated last year
• ForensicITGuy / libpreloadvaccine
  Whitelisting LD_PRELOAD libraries using LD_AUDIT
  ☆60Updated 2 years ago
• objective-see / TAOMM
  The Art of Mac Malware
  ☆20Updated 2 months ago
• buzzer-re / whoexec
  Discover which process execute a hunted binary inside macOS
  ☆24Updated 2 years ago
• CoolerVoid / spock_slaf
  ☆43Updated this week
• flowztul / keyexec
  Collection of Scripts to Automatically Unlock LUKS Devices on kexec Reboot
  ☆56Updated 5 years ago
• mandiant / ARDvark
  ARDvark parses the Apple Remote Desktop (ARD) files to pull out application usage, user activity, and filesystem listings.
  ☆34Updated last year
• AGWA / whoarethey
  Determine Who Can Log In to an SSH Server
  ☆27Updated last year
• cedowens / EntitlementCheck
  Scripts (python3 and Swift) for macOS to recursively check /Applications and also check /usr/local/bin, /usr/bin, and /usr/sbin for binar…
  ☆90Updated 2 years ago
• AtropineTears / TheMacHardeningScripts
  Scripts to secure and harden Mac OS X
  ☆30Updated 2 years ago
• mwielgoszewski / SecureEnclaveToken
  A Secure Enclave Token Driver Smartcard Extension
  ☆55Updated last year
• 0xbf00 / simbple
  macOS Sandbox Profile Language (SBPL) Interpreter
  ☆43Updated 4 years ago