{"id":13462753,"url":"https://github.com/kai5263499/osx-security-awesome","last_synced_at":"2025-10-14T19:30:36.352Z","repository":{"id":45065890,"uuid":"64573526","full_name":"kai5263499/osx-security-awesome","owner":"kai5263499","description":"A collection of OSX and iOS security resources","archived":false,"fork":false,"pushed_at":"2025-07-23T13:18:46.000Z","size":191,"stargazers_count":764,"open_issues_count":0,"forks_count":115,"subscribers_count":52,"default_branch":"master","last_synced_at":"2025-09-06T08:14:24.730Z","etag":null,"topics":["awesome","awesome-list","hacking-mac","mac-osx","malware","osx-incident-response","osx-security"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kai5263499.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"contributing.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2016-07-31T02:39:34.000Z","updated_at":"2025-09-02T20:01:43.000Z","dependencies_parsed_at":"2024-01-11T23:22:10.480Z","dependency_job_id":"8f42fb7d-3d86-4fce-a9a8-8716e8d2130c","html_url":"https://github.com/kai5263499/osx-security-awesome","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/kai5263499/osx-security-awesome","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kai5263499%2Fosx-security-awesome","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kai5263499%2Fosx-security-awesome/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kai5263499%2Fosx-security-awesome/releases","manifests_url":"https://repos.ecosy
ste.ms/api/v1/hosts/GitHub/repositories/kai5263499%2Fosx-security-awesome/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kai5263499","download_url":"https://codeload.github.com/kai5263499/osx-security-awesome/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kai5263499%2Fosx-security-awesome/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279020650,"owners_count":26086898,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-14T02:00:06.444Z","response_time":60,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["awesome","awesome-list","hacking-mac","mac-osx","malware","osx-incident-response","osx-security"],"created_at":"2024-07-31T13:00:29.579Z","updated_at":"2025-10-14T19:30:36.346Z","avatar_url":"https://github.com/kai5263499.png","language":null,"funding_links":[],"categories":["Endpoint","Others","Platforms","Security","\u003ca id=\"8c5a692b5d26527ef346687e047c5c21\"\u003e\u003c/a\u003e收集","Others (1002)","Other Lists","\u003ca id=\"e97d183e67fa3f530e7d0e7e8c33ee62\"\u003e\u003c/a\u003e未分类","Infosec resources","Operating Systems","System","Personal Security and Checklists"],"sub_categories":["Mobile / Android / iOS","TeX Lists","\u003ca id=\"f110da0bf67359d3abc62b27d717e55e\"\u003e\u003c/a\u003e新添加的","ColdFusion","macOS/iOS","Secure 
OSes"],"readme":"osx-security-awesome [![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/sindresorhus/awesome)[![Travis](https://api.travis-ci.org/kai5263499/osx-security-awesome.svg?branch=master)](https://travis-ci.org/kai5263499/osx-security-awesome)\n\n------------------------------------------------------------------------------------------\n\nA collection of OSX/iOS security-related resources\n\n* [**News**](#news)\n\n* [**Hardening**](#hardening)\n\n* [**Malware sample sources**](#malware-sample-sources)\n\n* [**DFIR**](#digital-forensics--incident-response-dfir)\n\n* [**Reverse engineering**](#reverse-engineering)\n\n* [**Presentations and Papers**](#presentations-and-papers)\n\n* [**Virus and exploit writeups**](#virus-and-exploit-writeups)\n\n* [**Useful tools and guides**](#useful-tools-and-guides)\n\n* [**Remote Access Toolkits**](#remote-access-toolkits)\n\n* [**Worth following on Twitter**](#worth-following-on-twitter)\n\n\n------------------------------------------------------------------------------------------\n\n## News\n\n---------------------------------------------------------------------\n### [Linking a microphone](https://ubrigens.com/posts/linking_a_microphone.html)\n* The story of CVE-2018-4184, or how a vulnerability in OSX's Speech system allowed apps with access to the microphone to escape sandbox restrictions\n### [iOS vulnerability write-up](https://github.com/writeups/iOS)\n* A repository of iOS vulnerability write-ups as they are released\n* Also includes conference papers\n### [iOS display bugs](https://docs.google.com/document/d/1TDCVavaqDJCFjcQxZsL6InzHxPEYWwMMMh9QtfRGjbY/edit)\n* Regularly updated list of iOS display bugs\n\n### [Mac Virus](https://macviruscom.wordpress.com)\n* Frequently updated blog that provides a good summary of the latest unique Mac malware.\n\n### [Intego Mac Security Blog](https://www.intego.com/mac-security-blog/)\n* 
Intego's corporate Mac security blog often contains recent and in-depth analysis of Mac malware and other security issues\n\n### [Objective-See](https://objective-see.com/blog.html)\n* Objective-See's blog often contains in-depth breakdowns of malware they've reverse engineered and vulnerabilities they've discovered.\n\n### [The Safe Mac](https://www.thesafemac.com/)\n* Resource to help educate Mac users about security issues. Contains historical as well as timely security updates.\n\n### [Mac Security](https://macsecurity.net/news)\n* Another Mac security blog. This often includes more in-depth analysis of specific threats.\n\n### [OSX Daily](https://osxdaily.com/)\n* Not strictly security-specific, but it contains jailbreaking information which has security implications\n\n## Hardening\n\n### [macops](https://github.com/google/macops)\n* Utilities, tools, and scripts for managing and tracking a fleet of Macintoshes in a corporate environment, collected by Google\n\n### [SUpraudit](http://newosxbook.com/tools/supraudit.html)\n* System monitoring tool\n\n### [EFIgy](https://github.com/duo-labs/EFIgy)\n* A RESTful API and client that helps Apple Mac users determine if they are running the expected EFI firmware version given their Mac hardware and OS build version\n\n### [Launchd](https://www.launchd.info/)\n* Everything you need to know about the launchd service\n\n### [OSX startup sequence](http://osxbook.com/book/bonus/ancient/whatismacosx/arch_startup.html)\n* Step-by-step guide to the startup process\n\n### [Google OSX hardening](https://www.usenix.org/conference/lisa13/os-x-hardening-securing-large-global-mac-fleet)\n* Google's system hardening guide\n\n### [Run any command in a sandbox](https://www.davd.io/os-x-run-any-command-in-a-sandbox/)\n* How-to for using OSX's sandbox system\n\n### [Sandblaster](https://github.com/malus-security/sandblaster)\n* Reversing the Apple sandbox\n* [Paper](https://arxiv.org/pdf/1608.04303.pdf)\n\n### [OSX El Capitan Hardening 
Guide](https://github.com/ernw/hardening/blob/master/operating_system/osx/10.11/ERNW_Hardening_OS_X_EL_Captain.md)\n* Hardening guide for El Capitan\n\n### [Hardening hardware and choosing a good BIOS](https://media.ccc.de/v/30C3_-_5529_-_en_-_saal_2_-_201312271830_-_hardening_hardware_and_choosing_a_goodbios_-_peter_stuge)\n* Protecting your hardware from \"evil maid\" attacks\n\n## Malware sample sources\n### [Objective-See](https://objective-see.com/malware.html)\n* Curated list of malware samples. Use this list if you're looking for interesting samples to reverse engineer\n### [Alien Vault](https://www.alienvault.com/blogs/labs-research/os-x-malware-samples-analyzed)\n### [Contagio malware dump](http://contagiodump.blogspot.com/2013/11/osx-malware-and-exploit-collection-100.html)\n\n## Digital Forensics / Incident Response (DFIR)\n### APOLLO tool\n* Python tool for advanced forensic analysis\n* [Presentation slides](https://github.com/mac4n6/Presentations/blob/master/LaunchingAPOLLO/LaunchingAPOLLO.pdf)\n* [Source code](https://github.com/mac4n6/APOLLO)\n### [venator](https://posts.specterops.io/introducing-venator-a-macos-tool-for-proactive-detection-34055a017e56)\n* Python tool for proactive detection of malware and trojans\n* [Source](https://github.com/richiercyrus/Venator)\n### [lynis](https://github.com/CISOfy/lynis/)\n* Security auditing tool for UNIX-based systems, including macOS\n### [AutoMacTC](https://github.com/CrowdStrike/automactc)\n* [Modular forensic triage collection framework](https://www.crowdstrike.com/blog/automating-mac-forensic-triage/) from CrowdStrike\n### [Legacy Exec History](https://github.com/knightsc/system_policy)\n* OSQuery module to give you a report of 32-bit processes running on a 10.14 machine\n### [Using the macOS/iOS knowledgeC.db Database to Determine Precise User and Application 
Usage](https://www.mac4n6.com/blog/2018/8/5/knowledge-is-power-using-the-knowledgecdb-database-on-macos-and-ios-to-determine-precise-user-and-application-usage)\n### [Artefacts for Mac OSX](http://sud0man.blogspot.com/2015/05/artefacts-for-mac-os-x.html?m=1)\n* Locations of sensitive files\n### [Pac4Mac](https://github.com/sud0man/pac4mac)\n* Forensics framework\n### [Inception](https://github.com/carmaa/inception)\n* Physical memory manipulation\n### [Volafox](https://github.com/n0fate/volafox)\n* Memory analysis toolkit\n### [Mac4n6](https://github.com/pstirparo/mac4n6)\n* Collection of OSX and iOS artifacts\n### [Keychain analysis with Mac OSX Forensics](https://repo.zenk-security.com/Forensic/Keychain%20Analysis%20with%20Mac%20OS%20X%20Memory%20Forensics.pdf)\n### [OSX Collector](https://github.com/Yelp/osxcollector)\n* Forensics utility developed by Yelp\n### [OSX incident response](https://www.youtube.com/watch?v=gNJ10Kt4I9E)\n* OSX incident response at GitHub [Slides](https://speakerdeck.com/sroberts/hipster-dfir-on-osx-bsidescincy)\n### [iOS Instrumentation without jailbreaking](https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2016/october/ios-instrumentation-without-jailbreak/)\n* How to debug an iOS application that you didn't create\n### [Certo](https://www.certosoftware.com/)\n* Paid service for analyzing the iTunes backup of your iOS device\n### [Blackbag Tech free tools](https://www.blackbagtech.com/resources/free-tools/)\n### [OSX (Mac) Memory Acquisition and Analysis Using OSXpmem and Volatility](https://ponderthebits.com/2017/02/osx-mac-memory-acquisition-and-analysis-using-osxpmem-and-volatility/)\n### [mac-apt](https://github.com/ydkhatri/mac_apt)\n* Mac Artifact Parsing Tool for processing full disk images and extracting useful information\n* The author also has a collection of [DFIR scripts](https://github.com/ydkhatri/MacForensics)\n\n## Reverse engineering\n### [New OS X Book](http://www.newosxbook.com/)\n* Frequently updated 
book on OSX internals\n### [Collection of OSX reverse engineering resources](https://github.com/michalmalik/osx-re-101)\n* Another Awesome-style list dedicated to OSX reverse engineering resources\n### [The iPhone Wiki](https://www.theiphonewiki.com/wiki/Main_Page)\n### [Reverse engineering OSX](https://reverse.put.as/)\n### [OSX crackmes](https://reverse.put.as/crackmes/)\n* A collection of puzzles to test your reverse engineering skills\n### [Introduction to Reverse Engineering Cocoa Applications](https://www.fireeye.com/blog/threat-research/2017/03/introduction_to_reve.html)\n* Walkthrough for Cocoa applications\n### [iOS Kernel source](https://github.com/apple/darwin-xnu)\n* Source code for the iOS kernel\n### [Reverse Engineering Challenges](https://challenges.re/)\n* Very good list of various crackme challenges, categorized by level and OS\n### [Awesome Reversing](https://github.com/tylerha97/awesome-reversing)\n* Awesome list dedicated to reversing\n\n## Presentations and Papers\n### [Area41 2018: Daniel Roethlisberger: Monitoring MacOS For Malware And Intrusions](https://www.youtube.com/watch?v=OSSkBgn_xJs\u0026feature=youtu.be)\n### [Windshift APT](https://www.youtube.com/watch?v=Mza6qv4mY9I\u0026feature=youtu.be\u0026t=6h12m24s)\n* [Deep-dive write-up by Objective-See](https://objective-see.com/blog/blog_0x38.html)\n### [Automated Binary Analysis on iOS – A Case Study on Cryptographic Misuse in iOS Applications](https://pure.tugraz.at/ws/portalfiles/portal/17749575)\n* Examining iOS applications for poorly guarded secrets\n### [Writing Bad @$$ Malware for OSX](https://www.youtube.com/watch?v=fv4l9yAL2sU)\n* [Slides](https://www.slideshare.net/Synack/writing-bad-malware-for-os-x) and [another related video](https://www.youtube.com/watch?v=oT8BKt_0cJw).\n### [Methods of Malware Persistence on OSX](https://www.youtube.com/watch?v=rhhvZnA4VNY)\n### [Advanced Mac OSX 
Rootkits](https://www.blackhat.com/presentations/bh-usa-09/DAIZOVI/BHUSA09-Daizovi-AdvOSXRootkits-SLIDES.pdf)\n### [The Python Bytes Your Apple](https://speakerdeck.com/flankerhqd/the-python-bites-your-apple-fuzzing-and-exploiting-osx-kernel-bugs)\n* Fuzzing and exploiting OSX kernel bugs\n### [Breaking iOS Code Signing](https://papers.put.as/papers/ios/2011/syscan11_breaking_ios_code_signing.pdf)\n### [The Apple Sandbox - 5 years later](http://newosxbook.com/files/HITSB.pdf)\n### [Practical iOS App Hacking](https://papers.put.as/papers/ios/2012/Mathieu-RENARD-GreHACK-Practical-iOS-App-Hacking.pdf)\n### [Behavioral Detection and Prevention of Malware on OS X](https://www.virusbulletin.com/blog/2016/september/paper-behavioural-detection-and-prevention-malware-os-x/)\n### [Security on OSX and iOS](https://www.youtube.com/watch?v=fdxxPRbXPsI)\n* [Slides](https://www.slideshare.net/nosillacast/security-on-the-mac)\n\n### [Thunderstrike](https://trmm.net/Thunderstrike_31c3)\n* [Video](https://www.youtube.com/watch?v=5BrdX7VdOr0), hacking the Mac's Extensible Firmware Interface (EFI)\n### [Direct Memory Attack the Kernel](https://github.com/ufrisk/presentations/blob/master/DEFCON-24-Ulf-Frisk-Direct-Memory-Attack-the-Kernel-Final.pdf)\n### [Don't trust your eye, Apple graphics is compromised](https://speakerdeck.com/marcograss/dont-trust-your-eye-apple-graphics-is-compromised)\n* Security flaws in IOKit's graphics acceleration that lead to exploitation from the browser\n### [Fuzzing and Exploiting OSX Vulnerabilities for Fun and Profit Complementary Active \u0026 Passive Fuzzing](https://www.slideshare.net/PacSecJP/moony-li-pacsec18?qid=15552f01-6655-4555-9894-597d62fd803c)\n### [Strolling into Ring-0 via I/O Kit Drivers](https://speakerdeck.com/patrickwardle/o-kit-drivers)\n### [Juice Jacking](https://www.youtube.com/watch?v=TKAgemHyq8w)\n### [Attacking OSX for fun and profit: tool set limitations, frustration and table flipping - Dan 
Tentler](https://www.youtube.com/watch?v=9T_2KYox9Us)\n* [Follow-up from target](https://www.youtube.com/watch?v=bjYhmX_OUQQ)\n### [Building an EmPyre with Python](https://www.youtube.com/watch?v=79qzgVTP3Yc)\n### [PoisonTap](https://www.youtube.com/watch?v=Aatp5gCskvk)\n### [Storing our Digital Lives - Mac Filesystems from MFS to APFS](https://www.youtube.com/watch?v=uMfmgcnrn24)\n* [Slides](http://macadmins.psu.edu/files/2017/07/psumac2017-174-Storing-our-digital-lives-Mac-filesystems-from-MFS-to-APFS.key-254bf2y.pdf)\n### [Collection of mac4n6 papers/presentations](https://drive.google.com/drive/folders/0B37-sa0Wh9_TdjVSbzRvMEVGQ2c)\n### [The Underground Economy of Apple ID](https://www.youtube.com/watch?v=4acVKs9WPts)\n### [iOS of Sauron: How iOS Tracks Everything You Do](https://www.youtube.com/watch?v=D6cSiHpvboI)\n### [macOS/iOS Kernel Debugging and Heap Feng Shui](https://github.com/zhengmin1989/MyArticles/blob/master/PPT/DEFCON-25-Min-Spark-Zheng-macOS-iOS-Kernel-Debugging.pdf)\n### [Billy Ellis iOS/OSX hacking YouTube channel](https://www.youtube.com/channel/UCk2sx_3FUkKvDGlIhdUQa8A)\n### [A Technical Autopsy of the Apple - FBI Debate using iPhone forensics | SANS DFIR Webcast](https://www.youtube.com/watch?v=_q_2mN8U91o)\n### [Jailbreaking Apple Watch at DEFCON-25](https://www.youtube.com/watch?v=eJpbi-Qz6Jc)\n### [SandScout: Automatic Detection of Flaws in iOS Sandbox Profiles](http://www.icri-sc.org/fileadmin/user_upload/Group_TRUST/PubsPDF/sandscout-final-ccs-2016.pdf)\n* An exploration of the sandbox protection policies\n* [Presentation](https://www.youtube.com/watch?v=TnwXEDCIowQ)\n\n## Virus and exploit writeups\n### [Detailed Analysis of macOS/iOS Vulnerability CVE-2019-6231](https://www.fortinet.com/blog/threat-research/detailed-analysis-of-macos-ios-vulnerability-cve-2019-6231.html)\n* Exploration of a QuartzCore/CoreAnimation flaw that allows a malicious application to read restricted memory.\n### [kernelcache 
laundering](https://github.com/Synacktiv-contrib/kernelcache-laundering)\n* Load iOS12 kernelcaches and PAC code in IDA\n### [blanket](https://github.com/bazad/blanket)\n* Proof of concept for CVE-2018-4280: Mach port replacement vulnerability in launchd on iOS 11.2.6\n### [Proof of Concept for Remote Code Execution in WebContent](https://github.com/externalist/exploit_playground/blob/master/CVE-2018-4233/pwn_i8.js)\n* [MachO tricks](https://iokit.racing/machotricks.pdf) - Appears to be slides from a presentation that ends with the CVE listed above\n### [There's Life in the Old Dog Yet: Tearing New Holes into Intel/iPhone Cellular Modems](https://comsecuris.com/blog/posts/theres_life_in_the_old_dog_yet_tearing_new_holes_into_inteliphone_cellular_modems/)\n* How the public warning system can be used as an attack vector \n### [I can be Apple, and so can you](https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/)\n* An exploration of a code signing vulnerability in macOS that has persisted for 11 years\n* [Creating signed and customized backdoored macos apps](https://medium.com/@adam.toscher/creating-signed-and-customized-backdoored-macos-applications-by-abusing-apple-developer-tools-b4cbf1a98187)\n### [Leveraging emond on macOS for persistence](https://posts.specterops.io/leveraging-emond-on-macos-for-persistence-a040a2785124)\n### [APFS credential leak vulnerability](https://www.mac4n6.com/blog/2018/3/21/uh-oh-unified-logs-in-high-sierra-1013-show-plaintext-password-for-apfs-encrypted-external-volumes-via-disk-utilityapp)\n* A flaw in Unified Logs leaks the password for encrypted APFS volumes\n\n### [A fun XNU infoleak](https://bazad.github.io/2018/03/a-fun-xnu-infoleak/)\n### Meltdown\n* CPU flaw allowing kernel memory to be accessed by hijacking speculative\n  execution\n* [Proof of concept](https://github.com/gkaindl/meltdown-poc)\n* [Apple's statement](https://support.apple.com/en-us/HT208394)\n* [Measuring OSX meltdown 
patches performance](https://reverse.put.as/2018/01/07/measuring-osx-meltdown-patches-performance/)\n* [iPhone performance after Spectre patch](https://www.gsmarena.com/spectre_and_meltdown_testing_performance_impact_on_iphone_8_plus-news-29132.php)\n### [Flashback](https://www.cnet.com/news/more-than-600000-macs-infected-with-flashback-botnet/)\n* [Detailed analysis](https://www.intego.com/mac-security-blog/more-about-the-flashback-trojan-horse/)\n### [Flashback pt 2](https://www.intego.com/mac-security-blog/flashback-botnet-is-adrift/)\n### [iWorm](https://www.thesafemac.com/iworm-method-of-infection-found/)\n* [Detailed analysis](https://www.intego.com/mac-security-blog/iworm-botnet-uses-reddit-as-command-and-control-center/)\n### [Thunderbolt](https://www.theregister.co.uk/2015/01/08/thunderstrike_shocks_os_x_with_first_firmware_bootkit/)\n* Firmware bootkit\n### [Malware in firmware: how to exploit a false sense of security](https://www.welivesecurity.com/2017/10/19/malware-firmware-exploit-sense-security/)\n* A post on the resurgence of bootkits and how to defend against them\n### [Proton RAT](https://www.cybereason.com/blog/labs-proton-b-what-this-mac-malware-actually-does)\n* Exploration of a Remote Access Toolkit\n\n### [Mokes](https://thehackernews.com/2016/09/cross-platform-malware.html)\n### [MacKeeper](https://www.cultofmac.com/170522/is-mackeeper-really-a-scam/)\n### [OpinionSpy](https://www.thesafemac.com/opinionspy-is-back/)\n### [Elanor](https://blog.malwarebytes.com/cybercrime/2016/07/new-mac-backdoor-malware-eleanor/)\n### [Mac Defender](https://macsecurity.net/view/79-remove-mac-defender-virus-from-mac-os-x)\n### [Wire Lurker](https://www.paloaltonetworks.com/resources/research/unit42-wirelurker-a-new-era-in-ios-and-os-x-malware.html)\n### [KeRanger](https://techcrunch.com/2016/03/07/apple-has-shut-down-the-first-fully-functional-mac-os-x-ransomware/)\n* First OSX ransomware\n### [Proof-of-concept USB 
attack](https://www.ehackingnews.com/2016/09/a-usb-device-can-steal-credentials-from.html)\n### [Dark Jedi](https://reverse.put.as/2015/05/29/the-empire-strikes-back-apple-how-your-mac-firmware-security-is-completely-broken/)\n* EFI attack that exploits a vulnerability in the suspend-resume cycle. [Sentinel One write-up](https://www.sentinelone.com/blog/reverse-engineering-mac-os-x/)\n### [XAgent Mac Malware Used In APT-28](https://labs.bitdefender.com/2017/02/new-xagent-mac-malware-linked-with-the-apt28/)\n* [Samples](http://contagiodump.blogspot.com/2017/02/russian-apt-apt28-collection-of-samples.html)\n### [Juice Jacking](https://www.howtogeek.com/166497/htg-explains-what-is-juice-jacking-and-how-worried-should-you-be/)\n### [Local Privilege Escalation for macOS 10.12.2 and XNU port Feng Shui](https://github.com/zhengmin1989/macOS-10.12.2-Exp-via-mach_voucher)\n\n### [Ian Beer, Google Project Zero: \"A deep-dive into the many flavors of IPC available on OS X.\"](https://www.youtube.com/watch?v=D1jNCy7-g9k)\n* Deep dive into interprocess communication on OS X and its design flaws\n\n### [PEGASUS iOS Kernel Vulnerability Explained](https://sektioneins.de/en/blog/16-09-02-pegasus-ios-kernel-vulnerability-explained.html)\n### [Analysis of iOS.GuiInject Adware Library](https://www.sentinelone.com/blog/analysis-ios-guiinject-adware-library/)\n### [Broadpwn](https://blog.exodusintel.com/2017/07/26/broadpwn/)\n* Gaining access through the wireless subsystem\n\n### [Reverse Engineering and Abusing Apple Call Relay Protocol](https://www.martinvigo.com/diy-spy-program-abusing-apple-call-relay-protocol/)\n* Details the discovery of a vulnerability in Apple's call handoff between mobile and desktop by analyzing network traffic.\n\n### Exploiting the Wi-Fi Stack on Apple Devices\nGoogle Project Zero's series of articles detailing vulnerabilities in the wireless stack used by Apple devices\n  * [Over The Air: Exploiting Broadcom’s Wi-Fi Stack (Part 
1)](https://googleprojectzero.blogspot.com/2017/04/over-air-exploiting-broadcoms-wi-fi_4.html)\n  * [Over The Air: Exploiting Broadcom’s Wi-Fi Stack (Part 2)](https://googleprojectzero.blogspot.com/2017/04/over-air-exploiting-broadcoms-wi-fi_11.html)\n  * [Over The Air - Vol. 2, Pt. 1: Exploiting The Wi-Fi Stack on Apple Devices](https://googleprojectzero.blogspot.com/2017/09/over-air-vol-2-pt-1-exploiting-wi-fi.html)\n  * [Over The Air - Vol. 2, Pt. 2: Exploiting The Wi-Fi Stack on Apple Devices](https://googleprojectzero.blogspot.com/2017/10/over-air-vol-2-pt-2-exploiting-wi-fi.html)\n  * [Over The Air - Vol. 2, Pt. 3: Exploiting The Wi-Fi Stack on Apple Devices](https://googleprojectzero.blogspot.com/2017/10/over-air-vol-2-pt-3-exploiting-wi-fi.html)\n\n### [ChaiOS bug](https://www.grahamcluley.com/chaios-bug-crash-ios-macos-messages/)\n* A message that crashes iMessage\n* Looks similar to [previous](https://arstechnica.com/gadgets/2013/08/rendering-bug-crashes-os-x-and-ios-apps-with-string-of-arabic-characters/) [bugs](https://www.intego.com/mac-security-blog/crash-text-message-iphone/) rendering Arabic characters\n\n## Useful tools and guides\n### [Mac@IBM](https://github.com/IBM/mac-ibm-enrollment-app)\n* Mac enrollment helper provided by IBM\n### [mOSL](https://github.com/0xmachos/mOSL)\n* Audit and fix macOS High Sierra (10.13.x) security settings\n### [Darling](https://github.com/darlinghq/darling)\n* Darwin/macOS emulation layer for Linux\n### [Kemon](https://github.com/didi/kemon)\n* Open source kernel monitoring\n### [jelbrektime](https://github.com/kai5263499/jelbrekTime)\n* Developer jailbreak for Apple Watch\n### [Booting Secure](http://michaellynn.github.io/2018/07/27/booting-secure/)\n* Deep dive into Secure Boot on 2018 MacBook Pro\n### [Tutorial - emulate an iOS kernel in QEMU up to launchd and userspace](https://worthdoingbadly.com/xnuqemu2/)\n* Tutorial on getting an iOS kernel to run in QEMU\n### [xnumon](https://www.roe.ch/xnumon)\n* Monitor 
macOS for malicious activity\n* [source](https://github.com/droe/xnumon)\n### [DetectX](https://sqwarq.com/detectx/)\n* Audits system artifacts to help you identify unknown and novel threats\n### [Are you really signed?](https://github.com/Sentinel-One/macos-are-you-really-signed)\n* Utility to test for code-sign bypass vulnerability\n### [osx security growler](https://github.com/pirate/security-growler)\n* Mac menubar item that lets you know about security events on your system\n### [mac-a-mal](https://github.com/phdphuc/mac-a-mal)\n* Automated malware analysis on macOS\n### [jrswizzle](https://github.com/rentzsch/jrswizzle)\n* method interface exchange\n### [MacDBG](https://github.com/blankwall/MacDBG)\n* C and Python debugging framework for OSX\n### [bitcode_retriever](https://github.com/AlexDenisov/bitcode_retriever)\n* store and retrieve bitcode from Mach-O binary\n### [machotools](https://github.com/enthought/machotools)\n* retrieve and change information about mach-o files\n### [onyx-the-black-cat](https://github.com/acidanthera/onyx-the-black-cat) ([outdated original](https://github.com/gdbinit/onyx-the-black-cat))\n* kernel module for OSX to defeat anti-debugging protection\n### [create-dmg](https://github.com/andreyvit/create-dmg)\n* CLI utility for creating and modifying DMG files\n### [dmg2iso](https://sourceforge.net/projects/dmg2iso/?source=typ_redirect)\n* convert dmg to iso\n### [Infosec Homebrew](https://github.com/kai5263499/homebrew-infosec)\n* Homebrew tap for security-related utilities\n### [Awesome OSX Command Line](https://github.com/herrbischoff/awesome-macos-command-line)\n* Collection of really useful shell commands\n### [Keychain dump](https://github.com/juuso/keychaindump)\n* Dump keychain credentials\n### [KnockKnock](https://objective-see.com/products/knockknock.html)\n* Listing startup items. 
Also includes VirusTotal information\n### [Lingon-X](https://www.peterborgapps.com/lingon/)\n* GUI for launchd\n### [Hopper](https://www.hopperapp.com/)\n* Excellent OSX debugger (requires license)\n### [Symhash](https://github.com/threatstream/symhash)\n* Python utility for generating imphash fingerprints for OSX binaries\n### [KisMac2](https://github.com/IGRSoft/KisMac2)\n* Wireless scanning and packet capturing\n### [Passive fuzz framework](https://github.com/SilverMoonSecurity/PassiveFuzzFrameworkOSX)\n* Framework for fuzzing OSX kernel vulnerabilities based on a passive inline hook mechanism in kernel mode\n### [Platypus](https://sveinbjorn.org/platypus)\n* GUI for generating .app bundles\n### [createOSXinstallPkg](https://github.com/munki/createOSXinstallPkg)\n* CLI for generating .pkg installers\n### [PoisonTap](https://github.com/samyk/poisontap)\n### [Chipsec](https://github.com/chipsec/chipsec)\n* System firmware checker by Intel\n### [Revisiting Mac OS X Kernel Rootkits by Phrack Magazine](http://phrack.org/issues/69/7.html)\n* A collection of OSX rootkit ideas\n### [iPhone Data Protection in Depth](http://conference.hackinthebox.org/hitbsecconf2011ams/materials/D2T2%20-%20Jean-Baptiste%20Be%CC%81drune%20\u0026%20Jean%20Sigwald%20-%20iPhone%20Data%20Protection%20in%20Depth.pdf)\n### [Cycript](http://www.cycript.org/)\n* Remote control library for fuzz testing iOS apps\n### [ChaoticMarch](https://github.com/synack/chaoticmarch)\n* Blackbox fuzz testing for iOS apps (requires jailbreak)\n### [iOS backup decrypt script](https://stackoverflow.com/questions/1498342/how-to-decrypt-an-encrypted-apple-itunes-iphone-backup)\n* Contains a script for decrypting an encrypted iOS backup archive\n### [Remote Packet Capture for iOS Devices](https://useyourloaf.com/blog/remote-packet-capture-for-ios-devices/)\n* Use a remote virtual interface to capture packets from a tethered iOS device\n* [Python utility](https://thrysoee.dk/iospcap/)\n* [Another Python 
utility](https://github.com/gh2o/rvi_capture)\n### [Pareto Security](https://paretosecurity.app/)\n* A menu bar app to automatically audit your Mac for basic security hygiene.\n### [Mana Security](https://manasecurity.com/)\n* Vulnerability management app for individuals. It helps keep macOS and installed applications updated.\n### [cnspec](https://cnspec.io/)\n* Open source vulnerability and misconfiguration scanning for macOS hosts, and much more.\n### [Intro to iOS Malware Detection](https://8ksec.io/mobile-malware-analysis-part-4-intro-to-ios-malware-detection/)\n* iOS malware, its types, and methods of gathering forensic information\n### [ipsw Walkthrough](https://8ksec.io/ipsw-walkthrough-part-1-the-swiss-army-knife-for-ios-macos-security-research/)\n* Part one, which covers basic uses\n### [Mobile CTF challenges](https://8ksec.io/battle/)\n\n## Remote Access Toolkits\n### [Empyre](https://github.com/EmpireProject/EmPyre)\n### [Bella](https://github.com/kai5263499/Bella)\n### [Stitch](https://nathanlopez.github.io/Stitch/)\n### [Pupy](https://github.com/n1nj4sec/pupy)\n### [EggShell surveillance tool](https://github.com/neoneggplant/EggShell) - Works on OSX and jailbroken iOS\n### [EvilOSX](https://github.com/Marten4n6/EvilOSX) - Pure Python post-exploitation toolkit\n\n## Worth following on Twitter\n* [@patrickwardle](https://twitter.com/patrickwardle)\n* [@objective_see](https://twitter.com/objective_see)\n* [@0xAmit](https://twitter.com/0xAmit)\n* [@osxreverser](https://twitter.com/osxreverser)\n* [@liucoj](https://twitter.com/liucoj)\n* [@osxdaily](https://twitter.com/osxdaily)\n* [@iamevltwin](https://twitter.com/iamevltwin)\n* [@claud_xiao](https://twitter.com/claud_xiao)\n* [@JPoForenso](https://twitter.com/JPoForenso)\n* [@patrickolsen](https://twitter.com/patrickolsen)\n\n## Other OSX Awesome lists\n* 
[ashishb/osx-and-ios-security-awesome](https://github.com/ashishb/osx-and-ios-security-awesome)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkai5263499%2Fosx-security-awesome","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkai5263499%2Fosx-security-awesome","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkai5263499%2Fosx-security-awesome/lists"}