A collection of projects demonstrating various commandline cloaking techniques on Linux
☆61 · Aug 4, 2022 · Updated 3 years ago
Alternatives and similar repositories for commandline_cloaking
Users that are interested in commandline_cloaking are comparing it to the libraries listed below
- ☆17 · Sep 10, 2021 · Updated 4 years ago
- A CLI tool for leveraging IDP signing keys to impersonate users and groups ☆19 · Apr 1, 2021 · Updated 4 years ago
- JXA script for Mythic that prints the TCC.db ☆15 · Apr 18, 2021 · Updated 4 years ago
- Spins up a docker container with several useful tools for offensive security in macOS/cloud environments. Also installs the needed depend… ☆18 · Nov 3, 2021 · Updated 4 years ago
- Catalog Red Team techniques that cause popups in various macOS versions ☆15 · Nov 18, 2024 · Updated last year
- Discover which process executes a hunted binary inside macOS ☆27 · Dec 15, 2021 · Updated 4 years ago
- JXA script based on research by Jeff Johnson on leveraging TextEdit to remove quarantine attributes on files. Jeff's original research is… ☆17 · Jan 31, 2021 · Updated 5 years ago
- Swift code to run a dylib on disk ☆16 · May 9, 2022 · Updated 3 years ago
- Collection of Slides From My Conference Talks ☆20 · Nov 21, 2022 · Updated 3 years ago
- PoC for detecting and evading ETW detection of .Net Assembly.Load ☆21 · Aug 26, 2020 · Updated 5 years ago
- Execute MachO binaries in memory using CGo ☆79 · May 24, 2021 · Updated 4 years ago
- Provides an easy way to collect and send Slack access & integration logs. ☆13 · Oct 19, 2021 · Updated 4 years ago
- A JXA script for enumerating running processes, printed out in a json, parent-child tree. ☆14 · Jan 28, 2022 · Updated 4 years ago
- Rules Shared by the Community from 100 Days of YARA 2023 ☆18 · Apr 10, 2023 · Updated 2 years ago
- Swift code to parse the quarantine history database, Chrome history database, Safari history database, and Firefox history database on ma… ☆16 · Dec 3, 2020 · Updated 5 years ago
- go-ima is a tool that checks if a file has been tampered with. It is useful in ensuring integrity in CI systems ☆13 · Sep 28, 2023 · Updated 2 years ago
- Turning Your Computer Into a GPS Tracker With Apple Maps ☆18 · Feb 6, 2024 · Updated 2 years ago
- Swift code to programmatically perform dylib injection ☆52 · Oct 29, 2022 · Updated 3 years ago
- #️⃣ 🕸️ 👤 HTTP Headers Hashing ☆13 · Aug 27, 2023 · Updated 2 years ago
- Various utilities useful for developers writing BPF tools ☆31 · Apr 12, 2023 · Updated 2 years ago
- Payload designed for targeting Jamf enrolled devices. ☆39 · May 19, 2023 · Updated 2 years ago
- Research of modifying exported function names at runtime (C/C++, Windows) ☆18 · May 28, 2024 · Updated last year
- A collection of profiles for macOS designed for penetration testing or red teaming ☆37 · Apr 15, 2019 · Updated 6 years ago
- An Ubuntu 18.04 box for Mythic C2 framework development ☆17 · Jun 17, 2022 · Updated 3 years ago
- Mimic is an eBPF virtual machine and emulator which runs in userspace ☆29 · May 28, 2022 · Updated 3 years ago
- Playing with PE's and Building Structures by Hand ☆22 · Apr 21, 2022 · Updated 3 years ago
- JXA and swift code that can perform some macOS situational awareness without generating TCC prompts. ☆40 · Apr 20, 2022 · Updated 3 years ago
- A file system events notifier based on eBPF ☆74 · Dec 5, 2025 · Updated 3 months ago
- JXA script to allow programmatic persistence via macOS Calendar.app alerts. ☆44 · Oct 31, 2020 · Updated 5 years ago
- Assorted, MIT licensed, threat hunting rules from @bradleyjkemp ☆14 · Mar 11, 2022 · Updated 4 years ago
- eBPF Map Prometheus Exporter ☆27 · Aug 1, 2025 · Updated 7 months ago
- https://wojciechregula.blog/post/macos-red-teaming-get-ad-credentials-from-nomad/ ☆43 · Mar 4, 2022 · Updated 4 years ago
- CVE-2021-1675 LPE PoC in Nim (PrintNightmare Local Privilege Escalation) ☆18 · Dec 5, 2021 · Updated 4 years ago
- Linux Kernel Runtime Integrity with eBPF ☆184 · Nov 23, 2023 · Updated 2 years ago
- pam_python is a PAM module that runs the Python interpreter, and so allows PAM modules to be written in Python. ☆22 · Apr 24, 2020 · Updated 5 years ago
- Shell wrapper with keylogger (local log or syslog) ☆13 · Nov 1, 2017 · Updated 8 years ago
- POC for a basic C2 server using the python aiohttp framework ☆15 · Mar 22, 2020 · Updated 5 years ago
- Objective-C runtime library wrapper for Nim ☆19 · Jun 7, 2017 · Updated 8 years ago
- bpflock - eBPF driven security for locking and auditing Linux machines ☆151 · Feb 16, 2022 · Updated 4 years ago