macOS Endpoint Security Message Analysis Tool
☆47Jan 31, 2022Updated 4 years ago
Alternatives and similar repositories for esmat
Users that are interested in esmat are comparing it to the libraries listed below
Sorting:
- Run Sigma detection rules on logs from the new MacOS EndpointSecurity Framework☆22Jan 22, 2021Updated 5 years ago
- ☆11Jun 5, 2024Updated last year
- Use Ghidra Structs in Python☆30Mar 28, 2021Updated 4 years ago
- This is a complete Xcode project of the Endpoint Security Demo gist: https://gist.github.com/Omar-Ikram/8e6721d8e83a3da69b31d4c2612a68ba☆20Jan 5, 2025Updated last year
- Useless tools for exploring Virtualization.framework☆25Jun 14, 2021Updated 4 years ago
- Script for parsing Symantec Endpoint Protection logs, VBNs, and ccSubSDK database.☆64Dec 21, 2022Updated 3 years ago
- A command line tool for pstree-like output on macOS with additional pid capturing capabilities☆276Aug 23, 2024Updated last year
- APFS parser written in pure Go☆78Feb 23, 2026Updated last week
- Restores firmware and filesystem to iPhone/iPod Touch☆14Jul 8, 2011Updated 14 years ago
- ☆13May 17, 2020Updated 5 years ago
- ESF modular ingestion tool for development and research.☆38Dec 21, 2021Updated 4 years ago
- View all modules on that are loaded in the OS kernel☆86Feb 21, 2023Updated 3 years ago
- Hundred Days of Yara Challenge☆12Jun 21, 2022Updated 3 years ago
- CoreFollowUp phishing attack on macOS☆15Mar 15, 2022Updated 3 years ago
- syzkaller is an unsupervised coverage-guided kernel fuzzer☆13Oct 3, 2020Updated 5 years ago
- Slides and material from my conference presentations☆16Mar 30, 2024Updated last year
- ☆125Aug 3, 2024Updated last year
- Registry to JSON. This Project is for learning purposes and is not maintained.☆12Dec 28, 2021Updated 4 years ago
- LiteX-based PCIe MITM, sniffing, fuzzing, device emulation☆19Feb 9, 2022Updated 4 years ago
- Auto updated libimobiledevice Github Actions package☆13Feb 20, 2026Updated last week
- custom Python script to perform Yara matching in Cortex XDR☆14May 18, 2021Updated 4 years ago
- tlsplayback is a set of Proof of Concepts (PoC) showing real-world replay attacks against TLS 1.3 libraries and browsers by exploiting 0-…☆16Aug 11, 2018Updated 7 years ago
- 010 template for apfs☆26Feb 26, 2021Updated 5 years ago
- Documentation and tools to curate Sigma rules for Windows event logs into easier to parse rules.☆16Oct 22, 2025Updated 4 months ago
- A cross platform parser for Apple UnifiedLogs!☆330Feb 15, 2026Updated 2 weeks ago
- A Splunk Technology Add-on to forward filtered ETW events.☆30Oct 14, 2020Updated 5 years ago
- iBoot/SecureROM Loader☆34Feb 24, 2023Updated 3 years ago
- Autopsy Module to analyze Registry Hives☆16Feb 18, 2022Updated 4 years ago
- Small binja plugin to import header file to types☆18Nov 11, 2022Updated 3 years ago
- Description of Apple's LEAP ISA☆16Nov 21, 2022Updated 3 years ago
- And open-source version of % sfltool dumpbtm☆146Oct 18, 2023Updated 2 years ago
- WebKit/JSC CodeQL Databases☆17Dec 15, 2025Updated 2 months ago
- extract and parse WEVT_TEMPLATEs from PE files☆18Dec 30, 2023Updated 2 years ago
- Remotely collect linux live forensics artifacts.☆14Jul 8, 2022Updated 3 years ago
- Generic Signature Format for SIEM Systems☆18Jul 25, 2023Updated 2 years ago
- A Go library speaking Hex-Rays IDA lumina protocol☆38Jun 15, 2023Updated 2 years ago
- Dotfiles and scripts to configure macOS the way I like it. Caveat emptor 😉🔥☆37Feb 14, 2026Updated 2 weeks ago
- A DNS Monitor, leveraging Apple's NEDNSProxyProvider/Network Extension Framework☆210Aug 20, 2024Updated last year
- Use "Full Disk Access" permissions to read the contents of TCC.db and display it in human-readable format☆40Jul 27, 2021Updated 4 years ago