Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
osx-security-awesome
A collection of OSX and iOS security resources
https://github.com/kai5263499/osx-security-awesome
Last synced: 3 days ago
JSON representation
-
Hardening
-
Digital Forensics / Incident Response (DFIR)
-
APOLLO tool
-
[AutoMacTC](https://github.com/CrowdStrike/automactc)
-
[OSX incident response](https://www.youtube.com/watch?v=gNJ10Kt4I9E)
-
[venator](https://posts.specterops.io/introducing-venator-a-macos-tool-for-proactive-detection-34055a017e56)
-
[mac-apt](https://github.com/ydkhatri/mac_apt)
-
-
Presentations and Papers
-
[Windshift APT](https://www.youtube.com/watch?v=Mza6qv4mY9I&feature=youtu.be&t=6h12m24s)
-
[Writing Bad @$$ Malware for OSX](https://www.youtube.com/watch?v=fv4l9yAL2sU)
-
[Security on OSX and iOS](https://www.youtube.com/watch?v=fdxxPRbXPsI)
-
[Thunderstrike](https://trmm.net/Thunderstrike_31c3)
-
[Attacking OSX for fun and profit tool set limiations frustration and table flipping Dan Tentler](https://www.youtube.com/watch?v=9T_2KYox9Us)
-
[Storing our Digital Lives - Mac Filesystems from MFS to APFS](https://www.youtube.com/watch?v=uMfmgcnrn24)
-
[SandScout: Automatic Detection of Flaws in iOS Sandbox Profiles](http://www.icri-sc.org/fileadmin/user_upload/Group_TRUST/PubsPDF/sandscout-final-ccs-2016.pdf)
-
-
Virus and exploit writeups
-
[Proof of Concept for Remote Code Execution in WebContent](https://github.com/externalist/exploit_playground/blob/master/CVE-2018-4233/pwn_i8.js)
- MachO tricks - Appears to be slides from a presentation that ends with the CVE listed above
-
[I can be Apple, and so can you](https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/)
-
Meltdown
-
[Flashback](https://www.cnet.com/news/more-than-600000-macs-infected-with-flashback-botnet/)
-
[iWorm](https://www.thesafemac.com/iworm-method-of-infection-found/)
-
[XAgent Mac Malware Used In APT-28](https://labs.bitdefender.com/2017/02/new-xagent-mac-malware-linked-with-the-apt28/)
-
Exploiting the Wifi Stack on Apple Devices
- Over The Air - Vol. 2, Pt. 1: Exploiting The Wi-Fi Stack on Apple Devices
- Over The Air - Vol. 2, Pt. 2: Exploiting The Wi-Fi Stack on Apple Devices
- Over The Air - Vol. 2, Pt. 3: Exploiting The Wi-Fi Stack on Apple Devices
- Over The Air: Exploiting Broadcom’s Wi-Fi Stack (Part 1)
- Over The Air: Exploiting Broadcom’s Wi-Fi Stack (Part 2)
-
[ChaiOS bug](https://www.grahamcluley.com/chaios-bug-crash-ios-macos-messages/)
- previous - security-blog/crash-text-message-iphone/) rendering Arabic characters
-
-
Useful tools and guides
-
[Remote Packet Capture for iOS Devices](https://useyourloaf.com/blog/remote-packet-capture-for-ios-devices/)
-
-
Worth following on Twitter
-
[EvilOSX](https://github.com/Marten4n6/EvilOSX) - Pure python post-exploitation toolkit
-
Categories
Sub Categories
[EvilOSX](https://github.com/Marten4n6/EvilOSX) - Pure python post-exploitation toolkit
10
Exploiting the Wifi Stack on Apple Devices
5
Meltdown
4
[Sandblaster](https://github.com/malus-security/sandblaster)
2
[Storing our Digital Lives - Mac Filesystems from MFS to APFS](https://www.youtube.com/watch?v=uMfmgcnrn24)
2
APOLLO tool
2
[ChaiOS bug](https://www.grahamcluley.com/chaios-bug-crash-ios-macos-messages/)
1
[Thunderstrike](https://trmm.net/Thunderstrike_31c3)
1
[Remote Packet Capture for iOS Devices](https://useyourloaf.com/blog/remote-packet-capture-for-ios-devices/)
1
[OSX incident response](https://www.youtube.com/watch?v=gNJ10Kt4I9E)
1
[Attacking OSX for fun and profit tool set limiations frustration and table flipping Dan Tentler](https://www.youtube.com/watch?v=9T_2KYox9Us)
1
[iWorm](https://www.thesafemac.com/iworm-method-of-infection-found/)
1
[Security on OSX and iOS](https://www.youtube.com/watch?v=fdxxPRbXPsI)
1
[mac-apt](https://github.com/ydkhatri/mac_apt)
1
[Proof of Concept for Remote Code Execution in WebContent](https://github.com/externalist/exploit_playground/blob/master/CVE-2018-4233/pwn_i8.js)
1
[XAgent Mac Malware Used In APT-28](https://labs.bitdefender.com/2017/02/new-xagent-mac-malware-linked-with-the-apt28/)
1
[venator](https://posts.specterops.io/introducing-venator-a-macos-tool-for-proactive-detection-34055a017e56)
1
[Writing Bad @$$ Malware for OSX](https://www.youtube.com/watch?v=fv4l9yAL2sU)
1
[Windshift APT](https://www.youtube.com/watch?v=Mza6qv4mY9I&feature=youtu.be&t=6h12m24s)
1
[Flashback](https://www.cnet.com/news/more-than-600000-macs-infected-with-flashback-botnet/)
1
[I can be Apple, and so can you](https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/)
1
[AutoMacTC](https://github.com/CrowdStrike/automactc)
1
[SandScout: Automatic Detection of Flaws in iOS Sandbox Profiles](http://www.icri-sc.org/fileadmin/user_upload/Group_TRUST/PubsPDF/sandscout-final-ccs-2016.pdf)
1
Keywords