Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
awesome-apple-security
Curated list of tools, techniques and resources related to Apple Security (macOS, iOS, iPadOS, tvOS, watchOS) aimed to help people with an interest in Apple related security topics to get a hold in this field, and for professionals to discover / explore other resources.
https://github.com/BlackSquirrelz/awesome-apple-security
Last synced: 4 days ago
JSON representation
-
Articles
-
Acquisition and Evidence Collection
- RE Cocoa Applications
- Office365 Sanbox Escape - Sandbox Escape macOS for Office365.
-
-
Books and Magazines
-
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- macOS Internals - Internals of macOS (2007).
- Kernel Programming - Kernel Programming reference for macOS / iOS.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- Learning iOS Penetration Testing - By Swaroop Yermalkar.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
-
Acquisition and Evidence Collection
- The Art of Mac Malware - Primer on malware on macOS by Patrick Wardle.
- macOS Incident Response - macOS Incident Response primer (2017).
- Kernel Book - Book in three parts about the macOS Kernel.
- eForensics Magazine - Magazine for (macOS) Forensics.
- iOS Forensics for Investigators - iOS Forensics Book.
- iOS Hacking Guide - By Security Innovation.
- Hacking and Securing iOS Applications - By Jonathan Zdziarski.
- iOS Hacker's Handbook - By Charlie Miller.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- macOS Internals - Internals of macOS (2007).
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- Kernel Programming - Kernel Programming reference for macOS / iOS.
- iOS Application Security: The Definitive Guide for Hackers and Developers - By David Thiel.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
- iOS Penetration Testing: A Definitive Guide to iOS Security - By Kunal Relan.
-
-
Forensics
-
Acquisition and Evidence Collection
- The ESF Playground - A tool to view the events in Apple Endpoint Security Framework (ESF) in real time.
- Auditor - Deprecated macOS DFIR tool for older systems.
- Collector - macOS offshoot for live response.
- Cellebrite Digital Collector (Former Macquisition) - Commercial Tooling for Acquisition of macOS Forensic Images.
- mac_apt - Plugin based forensics framework for quick mac triage that works on live machines, disk images or individual artifact files.
-
-
Apple Guidance
-
Acquisition and Evidence Collection
- Developers Documentation - Developer Documentation for reference.
- Security Documentation - Security Documentation of Apple Products.
- Report Vulnerabilities - In case you want to submit a vulnerability to Apple.
- Apple File System - Documentation on the filesystem.
-
- Apple Security Bounty - Apple's Bug Bounty Program information.
- Apple Platform Security - Apple Information on Platform Security.
-
-
Attack Vectors and Adversary Techniques
-
Acquisition and Evidence Collection
- MITRE ATT&CK - macOS Matrix - Tools, Techniques and Attack Vectors used by adversaries to target macOS devices.
- Sandbox Evasion Macros - How to evade the sandbox with MS Office Macros.
-
-
Blogs
-
Acquisition and Evidence Collection
- Mac Security Blog - Generic Blog on macOS Security.
- Wojciech Regula's Blog - Wojciech's macOS Related blog.
- Mac4n6 - Mac Forensics.
- Mandiant - Mandiant macOS Articles.
- Cedric Owens Medium Blog - Cedric Owens Blog on macOS Security.
-
- Cedric Owens Medium Blog - Cedric Owens Blog on macOS Security.
- Objective-See by Patrick Wardle - Patrick Wardle's Website.
-
-
People
-
- Cedric Owens - X - macOS Security Researcher and Purple Teamer.
- Csaba Fitzl - X - Hungarian Researcher specialized on macOS Security.
- Patrick Wardle - X - Founder of Objective-see, and Security Researcher.
- Sarah Edwards - X - Security Researcher and Trainer of SANS 518 Course.
-
Acquisition and Evidence Collection
- Cody Thomas - GitHub - Developer of Mythic C2.
- Alexis Brignoni - X - DFIR Researcher, iLEAPP Developer.
- Regula Wojciech - X - macOS Security Researcher.
-
-
Hardware Information
-
Acquisition and Evidence Collection
- Hardware Database - Lookup hardware specifications of every mac model.
- M1 Chip Safe Mode - Blogpost on M1 Chipset Safe Mode.
-
-
Log Analysis
-
Acquisition and Evidence Collection
- Unified Log - A primer on macOS Unified Log.
- Unified Log in Incident Response - Using the Unified Log for Incident Response.
-
-
Malware
-
Acquisition and Evidence Collection
- The Safe Mac - Older macOS Malware Catalogue.
- VX-Underground Malware Source Code - Malware Sourcecode collection (various OS).
- Objective-See Malware - Malware Collection by Patrick Wardle.
-
-
Processes
-
Acquisition and Evidence Collection
- True Tree - Improved process tree.
-
- Process and File Monitor - Command Line Utilit(ies) to monitor processes and files.
-
-
Persistence
-
Acquisition and Evidence Collection
- Persistence Samples - Collection of persistence methods and samples used.
- Apple Persistence Mechanisms - Persistence Mechanisms.
- PersistentJXA - Collection of macOS persistence methods in JXA.
-
- Knockknock - Displays persistence items in macOS.
-
-
Tools
-
Process Viewer
- Process Tree - Process tree Repository.
-
File System
- FS Monitor - FS Monitor to view live file system changes.
- iOS FS Event Parser - Parsing filesystem events.
- macOS FS Events Parser - FS Events Parser.
-
Offensive Tools
-
Reverse Engineering Tools
- Hopper - A reverse engineering tool that will assist you in your static analysis of executable files.
- jtool - An app inspector, disassembler, and signing utility for the macOS, iOS.
- Sideloadly - An app to sideload your favorite games and apps to Jailbroken & Non-Jailbroken iOS devices.
- Cydia Impactor - A GUI tool for sideloading iOS application.
- AltStore - Allows to sideload other apps (.ipa files) onto iOS device.
- Ghidra - A software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate.
- Radare2 - UNIX-like reverse engineering framework and command-line toolset.
- Cutter - Free and Open Source Reverse Engineering Platform powered by rizin.
- frida-ios-dump - A tool to pull a decrypted IPA from a jailbroken device.
- bagbak - Yet another frida based App decryptor. Requires jailbroken iOS device and frida.re.
- flexdecrypt - An iOS App & Mach-O binary decryptor.
- bfdecrypt - Utility to decrypt App Store apps on jailbroken iOS 11.x.
- bfinject - Easy dylib injection for jailbroken 64-bit iOS 11.0 - 11.1.2. Compatible with Electra and LiberiOS jailbreaks.
- r2flutch - Yet another tool to decrypt iOS apps using r2frida.
- Clutch - A high-speed iOS decryption tool.
- dsdump - An improved nm + objc/swift class-dump tool.
- class-dump - A command-line utility for examining the Objective-C segment of Mach-O files.
- iOS App Signer - An app for macOS that can (re)sign apps and bundle them into ipa files that are ready to be installed on an iOS device.
- SwiftDump - A command-line tool for retriving the Swift Object info from Mach-O file.
-
Dynamic Analysis Tools
- Corellium - The only platform offering ARM-based mobile device virtualization using a custom-built hypervisor for real-world accuracy and high performance.
- itunnel - Use to forward SSH via USB.
- membuddy - Dynamic memory analysis & visualisation tool for security researchers.
- LLDB - A next generation, high-performance debugger.
- mitmproxy - A free and open source interactive HTTPS proxy.
- Burp Suite - An advanced HTTPS proxy software.
- Frida - Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers.
- frida-gum - Cross-platform instrumentation and introspection library written in C.
- Fridax - Fridax enables you to read variables and intercept/hook functions in Xamarin/Mono JIT and AOT compiled iOS/Android applications.
- r2frida - Radare2 and Frida better together.
- r2ghidra - An integration of the Ghidra decompiler for radare2.
- iproxy - A utility allows binding local TCP ports so that a connection to one (or more) of the local ports will be forwarded to the specified port (or ports) on a usbmux device.
- objection - A runtime mobile exploration toolkit, powered by Frida, built to help you assess the security posture of your mobile applications, without needing a jailbreak.
- Grapefruit - Runtime Application Instruments for iOS.
- Passionfruit - Simple iOS app blackbox assessment tool, powered by frida 12.x and vuejs.
- Runtime Mobile Security (RMS) - Runtime Mobile Security (RMS), powered by FRIDA, is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime.
- unidbg - Allows you to emulate an Android ARM32 and/or ARM64 native library, and an experimental iOS emulation.
- Qiling - An advanced binary emulation framework.
- fishhook - A library that enables dynamically rebinding symbols in Mach-O binaries running on iOS.
- Dwarf - Full featured multi arch/os debugger built on top of PyQt5 and frida.
- FridaHookSwiftAlamofire - A frida tool that capture GET/POST HTTP requests of iOS Swift library 'Alamofire' and disable SSL Pinning.
- ios-deploy - Install and debug iOS apps from the command line. Designed to work on un-jailbroken devices.
- aah - Run iOS arm64 binaries on x86_64 macOS, with varying degrees of success.
-
Static Analysis Tools
- iFunbox - A general file management software for iPhone and other Apple products.
- 3uTools - An All-in-One management software for iOS devices.
- iTools - An All-in-One solution for iOS devices management.
- iLEAPP - An iOS Logs, Events, And Plist Parser.
- Keychain Dumper - A tool to check which keychain items are available to an attacker once an iOS device has been jailbroken.
- BinaryCookieReader - A tool to read the binarycookie format of Cookies on iOS applications.
- PList Viewer - Gtk application to view property list files.
- XMachOViewer - A Mach-O viewer for Windows, Linux and macOS.
- MachO-Explorer - A graphical Mach-O viewer for macOS. Powered by Mach-O Kit.
-
Frida
- iOS 13 SSL Bypass - SSL Pinning Bypass for iOS 13.
- iOS 12 SSL Bypass - SSL Pinning Bypass for iOS 12.
- iOS Jailbreak Detection Bypass - A Frida script used for bypass iOS jailbreak detection by hooking some methods and functions.
- iOS App Static Analysis - Script for iOS app's static analysis.
- Touch ID Bypass - A Frida script for iOS Touch/Face ID Bypass.
-
-
Conferences
-
Frida
-
-
Trainings
-
Frida
- OffSec EXP-312 - Advanced macOS Control Bypass Trainin by OffSec's @theevilbit.
- Sumuri - Forensics Training in two parts for macOS, to gain Certified Forensic Mac Examiner Certification.
- SANS 518 - Course at SANS for macOS and iOS Forensics.
- Objective-by-the-sea - Security Conference (macOS) organized by Patrick Wardle.
- SpecterOPS - SPECTEROPS macOS Adversary Tactics.
- Pentesting iOS Applications - By PentesterAcademy.
-
-
Videos
-
Frida
- Curated YouTube Playlist - Curated YouTube playlist with macOS/iOS Security Topics.
-
-
Software Collections
-
Acquisition and Evidence Collection
- Macintosh Repository - Repository of old macOS Software.
-
Programming Languages
Categories
Sub Categories
Keywords
reverse-engineering
9
frida
8
ios
8
android
4
instrumentation
3
unicorn-emulator
3
radare2
3
security
3
c
2
forensics
2
debugger
2
ipa
2
emulator
2
mobile-security
2
mobile
2
framework
2
ios-security
2
android-security
2
disassembler
2
machoexplorer
2
malware
2
macho
2
macos
2
machoview
2
brave-browser
1
nlist
1
malware-research
1
nlists
1
objc
1
objective-c
1
swift
1
symbols
1
malware-development
1
malware-detection
1
vala
1
ahead-of-time
1
aot
1
arguments
1
functions
1
binary-analysis
1
software-analysis
1
commandline
1
redteam
1
pentesting
1
malware-analysis
1
opera-browser
1
main-in-the-browser
1
cutter
1
gui
1
decrypted
1