A collection of projects demonstrating various commandline cloaking techniques on Linux
☆61Aug 4, 2022Updated 3 years ago
Alternatives and similar repositories for commandline_cloaking
Users that are interested in commandline_cloaking are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.
Sorting:
- ☆18Sep 10, 2021Updated 4 years ago
- A CLI tool for leveraging IDP signing keys to impersonate users and groups☆19Apr 1, 2021Updated 5 years ago
- JXA script for Mythic that prints the TCC.db☆15Apr 18, 2021Updated 5 years ago
- Spins up a docker container with several useful tools for offensive security in macOS/cloud environments. Also installs the needed depend…☆18Nov 3, 2021Updated 4 years ago
- Catalog Red Team techniques that cause popups in various macOS versions☆15Nov 18, 2024Updated last year
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- Use "Full Disk Access" permissions to read the contents of TCC.db and display it in human-readable format☆40Jul 27, 2021Updated 4 years ago
- Discover which process execute a hunted binary inside macOS☆29Dec 15, 2021Updated 4 years ago
- JXA script based on research by Jeff Johnson on leveraging TextEdit to remove quarantine attributes on files. Jeff's original research is…☆17Jan 31, 2021Updated 5 years ago
- Swift code to run a dylib on disk☆16May 9, 2022Updated 4 years ago
- Collection of Slides From My Conference Talks☆21Nov 21, 2022Updated 3 years ago
- PoC for detecting and evading ETW detection of .Net Assembly.Load☆22Aug 26, 2020Updated 5 years ago
- Execute MachO binaries in memory using CGo☆80May 24, 2021Updated 4 years ago
- A JXA script for enumerating running processes, printed out in a json, parent-child tree.☆14Jan 28, 2022Updated 4 years ago
- Rules Shared by the Community from 100 Days of YARA 2023 -☆18Apr 10, 2023Updated 3 years ago
- Managed Kubernetes at scale on DigitalOcean • AdDigitalOcean Kubernetes includes the control plane, bandwidth allowance, container registry, automatic updates, and more for free.
- Swift code to parse the quarantine history database, Chrome history database, Safari history database, and Firefox history database on ma…☆16Dec 3, 2020Updated 5 years ago
- go-ima is a tool that checks if a file has been tampered with. It is useful in ensuring integrity in CI systems☆14Sep 28, 2023Updated 2 years ago
- Turning Your Computer Into a GPS Tracker With Apple Maps☆18Feb 6, 2024Updated 2 years ago
- Swift code to programmatically perform dylib injection☆53Oct 29, 2022Updated 3 years ago
- #️⃣ 🕸️ 👤 HTTP Headers Hashing☆13Aug 27, 2023Updated 2 years ago
- Payload designed for targeting Jamf enrolled devices.☆40May 19, 2023Updated 3 years ago
- a collection of profiles for macOS designed for penetration testing or red teaming☆37Apr 15, 2019Updated 7 years ago
- Research of modifying exported function names at runtime (C/C++, Windows)☆18May 28, 2024Updated last year
- An Ubuntu 18.04 box for Mythic C2 framework development☆17Jun 17, 2022Updated 3 years ago
- Managed hosting for WordPress and PHP on Cloudways • AdManaged hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
- Mimic is a eBPF virtual machine and emulator which runs in userspace☆29May 28, 2022Updated 3 years ago
- Playing with PE's and Building Structures by Hand☆22Apr 21, 2022Updated 4 years ago
- JXA and swift code that can perform some macOS situational awareness without generating TCC prompts.☆40Apr 20, 2022Updated 4 years ago
- A file system events notifier based on eBPF☆74Dec 5, 2025Updated 5 months ago
- JXA script to allow programmatic persistence via macOS Calendar.app alerts.☆44Oct 31, 2020Updated 5 years ago
- Assorted, MIT licensed, threat hunting rules from @bradleyjkemp☆14Mar 11, 2022Updated 4 years ago
- eBPF Map Prometheus Exporter☆27Aug 1, 2025Updated 9 months ago
- https://wojciechregula.blog/post/macos-red-teaming-get-ad-credentials-from-nomad/☆43Mar 4, 2022Updated 4 years ago
- CVE-2021-1675 LPE PoC in Nim (PrintNightmare Local Privilege Escalation)☆18Dec 5, 2021Updated 4 years ago
- Wordpress hosting with auto-scaling - Free Trial Offer • AdFully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
- Linux Kernel Runtime Integrity with eBPF☆186Nov 23, 2023Updated 2 years ago
- Shell wrapper with keylogger (local log or syslog)☆13Nov 1, 2017Updated 8 years ago
- POC for a basic C2 server using the python aiohttp framework☆15Mar 22, 2020Updated 6 years ago
- Objective-C runtime library wrapper for Nim☆19Jun 7, 2017Updated 8 years ago
- bpflock - eBPF driven security for locking and auditing Linux machines☆153Feb 16, 2022Updated 4 years ago
- Simple stacking window manager for X11☆11Aug 26, 2020Updated 5 years ago
- A Swift port of some of the original PersistentJXA projects by D00MFist. Original PersistentJXA repo: https://github.com/D00MFist/Persist…☆34Apr 15, 2021Updated 5 years ago