Golang Tool to interact with Launchd and other services with XPC
☆29May 7, 2020Updated 5 years ago
Alternatives and similar repositories for xpcutil
Users that are interested in xpcutil are comparing it to the libraries listed below
Sorting:
- PoC of macho loading from memory☆58Nov 18, 2024Updated last year
- Tracking of offensive macOS tooling, blogs, and related helpful information☆192Nov 18, 2024Updated last year
- Use "Full Disk Access" permissions to read the contents of TCC.db and display it in human-readable format☆40Jul 27, 2021Updated 4 years ago
- JXA implementation of some SwiftBelt functions. Author: Cedric Owens☆46Jun 22, 2023Updated 2 years ago
- Execute MachO binaries in memory using CGo☆79May 24, 2021Updated 4 years ago
- Phorion Kronos is a macOS security tool designed to enhance Apple's Transparency Consent and Control (TCC) security and privacy mechanism…☆80Nov 21, 2023Updated 2 years ago
- Loads a program into a memfd and runs it.☆11May 22, 2022Updated 3 years ago
- ☆12Aug 10, 2024Updated last year
- Swift code to parse the quarantine history database, Chrome history database, Safari history database, and Firefox history database on ma…☆15Dec 3, 2020Updated 5 years ago
- easy dll proxying in go☆14Apr 24, 2022Updated 3 years ago
- macOS Offensive Tools☆270Sep 28, 2023Updated 2 years ago
- Various scripts for macOS tasks☆141Nov 24, 2025Updated 3 months ago
- ☆33Jun 12, 2024Updated last year
- PoC code for CVE-2018-9539☆20Nov 11, 2018Updated 7 years ago
- Domain Generation Algorithms research papers, datasets and code☆15May 17, 2020Updated 5 years ago
- Unit tests for blue teams to aid with building detections for some common macOS post exploitation methods.☆109Oct 29, 2022Updated 3 years ago
- A CLI tool for leveraging IDP signing keys to impersonate users and groups☆19Apr 1, 2021Updated 4 years ago
- ☆17Sep 29, 2023Updated 2 years ago
- JXA situational awareness helper by simply reading specific files on a filesystem☆82Feb 17, 2026Updated 2 weeks ago
- Objective C dylibHijackScanner and analysis tool☆40Jul 12, 2023Updated 2 years ago
- Secure example of an XPC helper written in Swift☆108Mar 16, 2020Updated 5 years ago
- Bro integration with osquery☆15Mar 24, 2023Updated 2 years ago
- Python3 script which decrypts files encrypted by flawed Cl0p ELF variant.☆17Feb 6, 2023Updated 3 years ago
- JXA script based on research by Jeff Johnson on leveraging TextEdit to remove quarantine attributes on files. Jeff's original research is…☆17Jan 31, 2021Updated 5 years ago
- Research into COM☆19Jan 25, 2020Updated 6 years ago
- Collection of Slides From My Conference Talks☆20Nov 21, 2022Updated 3 years ago
- ObjectiveC CLI tool for interacting with macOS Keychain☆82Oct 10, 2022Updated 3 years ago
- A ruleset to find potentially malicious code in macOS malware samples☆40Aug 29, 2023Updated 2 years ago
- Adversary emulation for EDR/SIEM testing (macOS/Linux)☆53Updated this week
- A macOS enumeration tool inspired by harmjoy's Windows-based Seatbelt enumeration tool. Author: Cedric Owens☆340Apr 28, 2022Updated 3 years ago
- ☆18Aug 15, 2021Updated 4 years ago
- Threat Box Assessment Tool☆19Aug 15, 2021Updated 4 years ago
- Run Sigma detection rules on logs from the new MacOS EndpointSecurity Framework☆22Jan 22, 2021Updated 5 years ago
- Secretly record audio and video with chromium based browsers.☆23Feb 14, 2024Updated 2 years ago
- Automatic Sender Policy Framework Reconnaissance☆19Jul 9, 2018Updated 7 years ago
- An open source implemention of Apple's `launchctl(1)`☆90Sep 18, 2025Updated 5 months ago
- Repository of tools, YARA rules, and code-snippets from Stairwell's research team.☆23Jan 31, 2024Updated 2 years ago
- DNS server for pentesters☆50Nov 2, 2025Updated 4 months ago
- Discover which process execute a hunted binary inside macOS☆27Dec 15, 2021Updated 4 years ago