JSON DataSet for macOS mapped to MITRE ATT&CK Tactics.
☆158Sep 10, 2021Updated 4 years ago
Alternatives and similar repositories for macOS-ATTACK-DATASET
Users that are interested in macOS-ATTACK-DATASET are comparing it to the libraries listed below
Sorting:
- A JXA script for enumerating running processes, printed out in a json, parent-child tree.☆14Jan 28, 2022Updated 4 years ago
- JXA script for Mythic that prints the TCC.db☆15Apr 18, 2021Updated 4 years ago
- Use "Full Disk Access" permissions to read the contents of TCC.db and display it in human-readable format☆40Jul 27, 2021Updated 4 years ago
- JXA script to allow programmatic persistence via macOS Calendar.app alerts.☆44Oct 31, 2020Updated 5 years ago
- Threat Hunting & Incident Investigation with Osquery☆216Mar 30, 2022Updated 3 years ago
- ☆99Feb 16, 2021Updated 5 years ago
- PoC of macho loading from memory☆58Nov 18, 2024Updated last year
- Random hunting ordiented yara rules☆96Mar 27, 2023Updated 2 years ago
- Assorted, MIT licensed, threat hunting rules from @bradleyjkemp☆14Mar 11, 2022Updated 3 years ago
- JXA script based on research by Jeff Johnson on leveraging TextEdit to remove quarantine attributes on files. Jeff's original research is…☆17Jan 31, 2021Updated 5 years ago
- Swift code to programmatically execute local or hosted JXA payloads from Terminal without using the on-disk osascript binary.☆23Apr 22, 2021Updated 4 years ago
- Repository with Sample threat hunting notebooks on Security Event Log Data Sources☆69Dec 2, 2022Updated 3 years ago
- Misc Threat Hunting Resources☆377Jan 26, 2023Updated 3 years ago
- Unit tests for blue teams to aid with building detections for some common macOS post exploitation methods.☆109Oct 29, 2022Updated 3 years ago
- Catalog Red Team techniques that cause popups in various macOS versions☆15Nov 18, 2024Updated last year
- Discover which process execute a hunted binary inside macOS☆27Dec 15, 2021Updated 4 years ago
- Collection of macOS persistence methods and miscellaneous tools in JXA☆288Aug 3, 2023Updated 2 years ago
- Windows Events Attack Samples☆2,517Jan 24, 2023Updated 3 years ago
- The Threat Hunting In Rapid Iterations (THIRI) Jupyter notebook is designed as a research aide to let you rapidly prototype threat huntin…☆154Apr 25, 2022Updated 3 years ago
- Swift code to run a dylib on disk☆16May 9, 2022Updated 3 years ago
- quick 'n dirty poc based on PoC windows auth prompt in c# based on https://gist.githubusercontent.com/mayuki/339952/raw/2c36b735bc51861a3…☆31Jun 12, 2020Updated 5 years ago
- Swift Command line tool used for proactive detection of malicious activity on macOS systems.☆67Jul 1, 2020Updated 5 years ago
- PCAP Samples for Different Post Exploitation Techniques☆368Apr 29, 2021Updated 4 years ago
- macOS Offensive Tools☆270Sep 28, 2023Updated 2 years ago
- Helper scripts to automate the extraction of YARA rules from XProtectRemediators☆22Mar 5, 2024Updated 2 years ago
- Tools related to work with Attack Flow (https://github.com/center-for-threat-informed-defense/attack-flow)☆44Jun 6, 2022Updated 3 years ago
- Tracking of offensive macOS tooling, blogs, and related helpful information☆192Nov 18, 2024Updated last year
- DetectionLabELK is a fork from DetectionLab with ELK stack instead of Splunk.☆573Dec 12, 2021Updated 4 years ago
- Blueteam operational triage registry hunting/forensic tool.☆149Sep 2, 2025Updated 6 months ago
- ☆11Dec 9, 2025Updated 2 months ago
- ☆12Mar 24, 2018Updated 7 years ago
- ☆12Jan 5, 2021Updated 5 years ago
- Detection Ideas & Rules repository.☆178Sep 10, 2021Updated 4 years ago
- ☆2,513Updated this week
- ☆22May 29, 2020Updated 5 years ago
- Building environments to replicate small networks and deploy applications☆330Jan 9, 2026Updated last month
- Active C2 IoCs☆99Nov 28, 2022Updated 3 years ago
- This repository hosts community contributed Kestrel huntflows (.hf) and huntbooks (.ipynb)☆37Jan 2, 2024Updated 2 years ago
- ☆133Jul 14, 2021Updated 4 years ago