sbousseaden/macOS-ATTACK-DATASET external links

---

GitHub - View repository

GitHub.dev - Open in online code editor

Star history - Growth chart over time

deps.dev - Dependencies and security vulnerabilities

Gitingest - Export source code for LLM usage

Repomix - Export source code for LLM usage

uithub - Export source code for LLM usage

Close

sbousseaden/macOS-ATTACK-DATASET

Readme badge preview -

If you own this repo, copy the snippet below and add it to your README.md

---

Copy

[![RelatedRepos](https://img.shields.io/badge/related-repos-yellow)](https://relatedrepos.com/gh/sbousseaden/macOS-ATTACK-DATASET)

Close

sbousseaden / macOS-ATTACK-DATASETView on GitHubMore

• External links
• Readme badge

JSON DataSet for macOS mapped to MITRE ATT&CK Tactics.

☆158Sep 10, 2021Updated 4 years ago

Alternatives and similar repositories for macOS-ATTACK-DATASET

Users that are interested in macOS-ATTACK-DATASET are comparing it to the libraries listed below. We may earn a commission when you buy through links labeled 'Ad' on this page.

• antman1p / JXA_Proc_Tree

  View on GitHub
  A JXA script for enumerating running processes, printed out in a json, parent-child tree.
  ☆14Jan 28, 2022Updated 4 years ago
• antman1p / PrintTCCdb

  View on GitHub
  JXA script for Mythic that prints the TCC.db
  ☆15Apr 18, 2021Updated 4 years ago
• slyd0g / SwiftParseTCC

  View on GitHub
  Use "Full Disk Access" permissions to read the contents of TCC.db and display it in human-readable format
  ☆40Jul 27, 2021Updated 4 years ago
• Kirtar22 / ThreatHunting_with_Osquery

  View on GitHub
  Threat Hunting & Incident Investigation with Osquery
  ☆217Mar 30, 2022Updated 4 years ago
• cedowens / JXA-RemoveQuarantine

  View on GitHub
  JXA script based on research by Jeff Johnson on leveraging TextEdit to remove quarantine attributes on files. Jeff's original research is…
  ☆17Jan 31, 2021Updated 5 years ago
• Wordpress hosting with auto-scaling - Free Trial • Ad
  Fully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
• FSecureLABS / CalendarPersist

  View on GitHub
  JXA script to allow programmatic persistence via macOS Calendar.app alerts.
  ☆44Oct 31, 2020Updated 5 years ago
• cedowens / JXA-Runner

  View on GitHub
  Swift code to programmatically execute local or hosted JXA payloads from Terminal without using the on-disk osascript binary.
  ☆23Apr 22, 2021Updated 4 years ago
• sans-blue-team / sec555-mdwiki-v1

  View on GitHub
  ☆12Jan 5, 2021Updated 5 years ago
• XMCyber / MacHound

  View on GitHub
  ☆100Feb 16, 2021Updated 5 years ago
• cedowens / Dylib_Runner

  View on GitHub
  Swift code to run a dylib on disk
  ☆16May 9, 2022Updated 3 years ago
• bradleyjkemp / threathunting

  View on GitHub
  Assorted, MIT licensed, threat hunting rules from @bradleyjkemp
  ☆14Mar 11, 2022Updated 4 years ago
• sbousseaden / Slides

  View on GitHub
  Misc Threat Hunting Resources
  ☆377Jan 26, 2023Updated 3 years ago
• its-a-feature / macos_execute_from_memory

  View on GitHub
  PoC of macho loading from memory
  ☆58Nov 18, 2024Updated last year
• cedowens / Swift-Attack

  View on GitHub
  Unit tests for blue teams to aid with building detections for some common macOS post exploitation methods.
  ☆109Oct 29, 2022Updated 3 years ago
• Wordpress hosting with auto-scaling - Free Trial • Ad
  Fully Managed hosting for WordPress and WooCommerce businesses that need reliable, auto-scalable performance. Cloudways SafeUpdates now available.
• buzzer-re / whoexec

  View on GitHub
  Discover which process execute a hunted binary inside macOS
  ☆27Dec 15, 2021Updated 4 years ago
• sbousseaden / YaraHunts

  View on GitHub
  Random hunting ordiented yara rules
  ☆96Mar 27, 2023Updated 3 years ago
• sbousseaden / EVTX-ATTACK-SAMPLES

  View on GitHub
  Windows Events Attack Samples
  ☆2,549Jan 24, 2023Updated 3 years ago
• xorrior / macOSTools

  View on GitHub
  macOS Offensive Tools
  ☆271Sep 28, 2023Updated 2 years ago
• richiercyrus / Venator-Swift

  View on GitHub
  Swift Command line tool used for proactive detection of malicious activity on macOS systems.
  ☆67Jul 1, 2020Updated 5 years ago
• ashwin-patil / threat-hunting-with-notebooks

  View on GitHub
  Repository with Sample threat hunting notebooks on Security Event Log Data Sources
  ☆69Dec 2, 2022Updated 3 years ago
• cedowens / Mythic-Macro-Generator

  View on GitHub
  Python3 script to generate a macro to launch a Mythic payload. Author: Cedric Owens
  ☆48Apr 15, 2021Updated 5 years ago
• sisoc-tokyo / mimikatz_detection

  View on GitHub
  ☆12Mar 24, 2018Updated 8 years ago
• vadim-hunter / Detection-Ideas-Rules

  View on GitHub
  Detection Ideas & Rules repository.
  ☆178Sep 10, 2021Updated 4 years ago
• AI Agents on DigitalOcean Gradient AI Platform • Ad
  Build production-ready AI agents using customizable tools or access multiple LLMs through a single endpoint. Create custom knowledge bases or connect external data.
• D00MFist / PersistentJXA

  View on GitHub
  Collection of macOS persistence methods and miscellaneous tools in JXA
  ☆291Mar 26, 2026Updated 3 weeks ago
• sbousseaden / PCAP-ATTACK

  View on GitHub
  PCAP Samples for Different Post Exploitation Techniques
  ☆369Apr 29, 2021Updated 4 years ago
• its-a-feature / macos-popups

  View on GitHub
  Catalog Red Team techniques that cause popups in various macOS versions
  ☆15Nov 18, 2024Updated last year
• mandiant / thiri-notebook

  View on GitHub
  The Threat Hunting In Rapid Iterations (THIRI) Jupyter notebook is designed as a research aide to let you rapidly prototype threat huntin…
  ☆154Apr 25, 2022Updated 3 years ago
• elastic / detection-rules

  View on GitHub
  ☆2,557Updated this week
• its-a-feature / offensive_macos

  View on GitHub
  Tracking of offensive macOS tooling, blogs, and related helpful information
  ☆193Nov 18, 2024Updated last year
• Yamato-Security / suzaku-rules

  View on GitHub
  ☆11Dec 9, 2025Updated 4 months ago
• puffyCid / macos-loginitems

  View on GitHub
  A library to parse macOS LoginItems
  ☆18Aug 28, 2022Updated 3 years ago
• OTRF / bloodhound-notebook

  View on GitHub
  BloodHound Cypher Queries Ported to a Jupyter Notebook
  ☆53Jun 20, 2020Updated 5 years ago
• Managed hosting for WordPress and PHP on Cloudways • Ad
  Managed hosting for WordPress, Magento, Laravel, or PHP apps, on multiple cloud providers. Deploy in minutes on Cloudways by DigitalOcean.
• OTRF / OSSEM

  View on GitHub
  Open Source Security Events Metadata (OSSEM)
  ☆1,289Feb 27, 2023Updated 3 years ago
• djhohnstein / macos_shell_memory

  View on GitHub
  Execute MachO binaries in memory using CGo
  ☆79May 24, 2021Updated 4 years ago
• cyberdefenders / DetectionLabELK

  View on GitHub
  DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.
  ☆572Dec 12, 2021Updated 4 years ago
• splunk / attack_range_cloud

  View on GitHub
  Attack Range to test detection against nativel serverless cloud services and environments
  ☆35Sep 8, 2021Updated 4 years ago
• MythicAgents / typhon

  View on GitHub
  Payload designed for targeting Jamf enrolled devices.
  ☆40May 19, 2023Updated 2 years ago
• OTRF / Blacksmith

  View on GitHub
  Building environments to replicate small networks and deploy applications
  ☆332Jan 9, 2026Updated 3 months ago
• carbonblack / active_c2_ioc_public

  View on GitHub
  Active C2 IoCs
  ☆99Nov 28, 2022Updated 3 years ago