Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/kai5263499/osx-security-awesome

A collection of OSX and iOS security resources
https://github.com/kai5263499/osx-security-awesome

List: osx-security-awesome

awesome awesome-list hacking-mac mac-osx malware osx-incident-response osx-security

Last synced: about 1 month ago
JSON representation

A collection of OSX and iOS security resources

Awesome Lists containing this project

README

        

osx-security-awesome [![Awesome](https://cdn.rawgit.com/sindresorhus/awesome/d7305f38d29fed78fa85652e3a63e154dd8e8829/media/badge.svg)](https://github.com/sindresorhus/awesome)[![Travis](https://api.travis-ci.org/kai5263499/osx-security-awesome.svg?branch=master)](https://travis-ci.org/kai5263499/osx-security-awesome)

------------------------------------------------------------------------------------------

A collection of OSX/iOS security related resources

* [**News**](#news)

* [**Hardening**](#hardening)

* [**Malware sample sources**](#malware-sample-sources)

* [**DFIR**](#digital-forensics--incident-response-dfir)

* [**Reverse engineering**](#reverse-engineering)

* [**Presentations and Papers**](#presentations-and-papers)

* [**Virus and exploit writeups**](#virus-and-exploit-writeups)

* [**Useful tools and guides**](#useful-tools-and-guides)

* [**Remote Access Toolkits**](#remote-access-toolkits)

* [**Worth following on Twitter**](#worth-following-on-twitter)

------------------------------------------------------------------------------------------

## News

---------------------------------------------------------------------
### [Linking a microphone](https://ubrigens.com/posts/linking_a_microphone.html)
* The Story of CVE-2018-4184 or how a vulnearbility in OSX's Speech system allowed apps with access to the microphone to escape sandbox restrictions
### [iOS vulnerability write-up](https://github.com/writeups/iOS)
* A repository of iOS vulnerability write-ups as they are released
* Also includes conference papers
### [iOS display bugs](https://docs.google.com/document/d/1TDCVavaqDJCFjcQxZsL6InzHxPEYWwMMMh9QtfRGjbY/edit)
* Regularly updated list of iOS display bugs

### [Mac Virus](https://macviruscom.wordpress.com)
* Frequently updated blog that provides a good summary of the latest unique mac malware.

### [Intego Mac Security Blog](https://www.intego.com/mac-security-blog/)
* Intego's corporate Mac security blog often contains recent and in-depth analysis of mac malware and other security issues

### [Objective-See](https://objective-see.com/blog.html)
* Objective-See's blog often contains in-depth breakdowns of malware they've reverse engineered and vulnarabilities they've discovered.

### [The Safe Mac](https://www.thesafemac.com/)
* Resource to help educate Mac users about security issues. Contains historical as well as timely security updates.

### [Mac Security](https://macsecurity.net/news)
* Another Mac security blog. This often includes more in-depth analysis of specific threats.

### [OSX Daily](https://osxdaily.com/)
* Not strictly security-specific but it contains jailbreaking information which has security implications

## Hardening

### [macops](https://github.com/google/macops)
* Utilities, tools, and scripts for managing and tracking a fleet of Macintoshes in a corporate environment collected by Google

### [SUpraudit](http://newosxbook.com/tools/supraudit.html)
* System monitoring tool

### [EFIgy](https://github.com/duo-labs/EFIgy)
* A RESTful API and client that helps Apple Mac users determine if they are running the expected EFI firmware version given their Mac hardware and OS build version

### [Launchd](https://www.launchd.info/)
* Everything you need to know about the launchd service

### [OSX startup sequence](http://osxbook.com/book/bonus/ancient/whatismacosx/arch_startup.html)
* Step-by-step guide to the startup process

### [Google OSX hardening](https://www.usenix.org/conference/lisa13/os-x-hardening-securing-large-global-mac-fleet)
* Google's system hardening guide

### [Run any command in a sandbox](https://www.davd.io/os-x-run-any-command-in-a-sandbox/)
* How to for using OSX's sandbox system

### [Sandblaster](https://github.com/malus-security/sandblaster)
* Reversing the Apple sandbox
* [Paper](https://arxiv.org/pdf/1608.04303.pdf)

### [OSX El Capitan Hardening Guide](https://github.com/ernw/hardening/blob/master/operating_system/osx/10.11/ERNW_Hardening_OS_X_EL_Captain.md)
* Hardening guide for El Capitan

### [Hardening hardware and choosing a good BIOS](https://media.ccc.de/v/30C3_-_5529_-_en_-_saal_2_-_201312271830_-_hardening_hardware_and_choosing_a_goodbios_-_peter_stuge)
* Protecting your hardware from "evil maid" attacks

## Malware sample sources
### [Objective-See](https://objective-see.com/malware.html)
* Curated list of malware samples. Use this list if you're looking for interesting samples to reverse engineer
### [Alien Vault](https://www.alienvault.com/blogs/labs-research/os-x-malware-samples-analyzed)
### [Contagio malware dump](http://contagiodump.blogspot.com/2013/11/osx-malware-and-exploit-collection-100.html)

## Digital Forensics / Incident Response (DFIR)
### APOLLO tool
* Python tool for advanced forensics analysis
* [Presentation slides](https://github.com/mac4n6/Presentations/blob/master/LaunchingAPOLLO/LaunchingAPOLLO.pdf)
* [Source code](https://github.com/mac4n6/APOLLO)
### [venator](https://posts.specterops.io/introducing-venator-a-macos-tool-for-proactive-detection-34055a017e56)
* Python tool for proactive detection tool for malware and trojans
* [Source](https://github.com/richiercyrus/Venator)
### [lynis](https://github.com/CISOfy/lynis/)
* Security auditing tool for UNIX-based systems, including macOS
### [AutoMacTC](https://github.com/CrowdStrike/automactc)
* [Modular forensic triage collection framework](https://www.crowdstrike.com/blog/automating-mac-forensic-triage/) from CrowdStrike
### [Legacy Exec History](https://github.com/knightsc/system_policy)
* OSQuery module to give you a report of 32bit processes running on a 10.14 machine
### [Using the macOS/iOS knowledgeC.db Database to Determine Precise User and Application Usage](https://www.mac4n6.com/blog/2018/8/5/knowledge-is-power-using-the-knowledgecdb-database-on-macos-and-ios-to-determine-precise-user-and-application-usage)
### [Artefacts for Mac OSX](http://sud0man.blogspot.com/2015/05/artefacts-for-mac-os-x.html?m=1)
* Locations of sensitive files
### [Pac4Mac](https://github.com/sud0man/pac4mac)
* Forensics framework
### [Inception](https://github.com/carmaa/inception)
* Physical memory manipulation
### [Volafox](https://github.com/n0fate/volafox)
* Memory analysis toolkit
### [Mac4n6](https://github.com/pstirparo/mac4n6)
* Collection of OSX and iOS artifacts
### [Keychain analysis with Mac OSX Forensics](https://repo.zenk-security.com/Forensic/Keychain%20Analysis%20with%20Mac%20OS%20X%20Memory%20Forensics.pdf)
### [OSX Collector](https://github.com/Yelp/osxcollector)
* Forensics utility developed by Yelp
### [OSX incident response](https://www.youtube.com/watch?v=gNJ10Kt4I9E)
* OSX incident response at GitHub [Slides](https://speakerdeck.com/sroberts/hipster-dfir-on-osx-bsidescincy)
### [iOS Instrumentation without jailbreaking](https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2016/october/ios-instrumentation-without-jailbreak/)
* How to debug an iOS application that you didn't create
### [Certo](https://www.certosoftware.com/)
* Paid service for analyzing the iTunes backup of your iOS device
### [Blackbag Tech free tools](https://www.blackbagtech.com/resources/free-tools/)
### [OSX (Mac) Memory Acquisition and Analysis Using OSXpmem and Volatility](https://ponderthebits.com/2017/02/osx-mac-memory-acquisition-and-analysis-using-osxpmem-and-volatility/)
### [mac-apt](https://github.com/ydkhatri/mac_apt)
* Mac Artifact Parsing Tool for processing full disk images and extracting useful information
* The author also has a collection of [DFIR scripts](https://github.com/ydkhatri/MacForensics)

## Reverse engineering
### [New OS X Book](http://www.newosxbook.com/)
* Frequently updated book on OSX internals
### [Collection of OSX reverse engineering resources](https://github.com/michalmalik/osx-re-101)
* Another Awesome-style list dedicated to OSX reverse engineering resources
### [The iPhone Wiki](https://www.theiphonewiki.com/wiki/Main_Page)
### [Reverse engineering OSX](https://reverse.put.as/)
### [OSX crackmes](https://reverse.put.as/crackmes/)
* A collection of puzzles to test your reverse engineering skills
### [Introduction to Reverse Engineering Cocoa Applications](https://www.fireeye.com/blog/threat-research/2017/03/introduction_to_reve.html)
* Walkthrough for Coca applications
### [iOS Kernel source](https://github.com/apple/darwin-xnu)
* Source code for iOS kernel
### [Reverse Engineering Challenges](https://challenges.re/)
* Very good list of various crackme challenges that is categorized by level and OS
### [Awesome Reversing](https://github.com/tylerha97/awesome-reversing)
* Awesome list dedicated to reversing

## Presentations and Papers
### [Area41 2018: Daniel Roethlisberger: Monitoring MacOS For Malware And Intrusions](https://www.youtube.com/watch?v=OSSkBgn_xJs&feature=youtu.be)
### [Windshift APT](https://www.youtube.com/watch?v=Mza6qv4mY9I&feature=youtu.be&t=6h12m24s)
* [Deep-dive write-up by Objective See](https://objective-see.com/blog/blog_0x38.html)
### [Automated Binary Analysis on iOS – A Case Study on Cryptographic Misuse in iOS Applications](https://pure.tugraz.at/ws/portalfiles/portal/17749575)
* Examining iOS applications for poorly guarded secrets
### [Writing Bad @$$ Malware for OSX](https://www.youtube.com/watch?v=fv4l9yAL2sU)
* [Slides](https://www.slideshare.net/Synack/writing-bad-malware-for-os-x) and [another related video](https://www.youtube.com/watch?v=oT8BKt_0cJw).
### [Methods of Malware Persistence on OSX](https://www.youtube.com/watch?v=rhhvZnA4VNY)
### [Advanced Mac OSX Rootkits](https://www.blackhat.com/presentations/bh-usa-09/DAIZOVI/BHUSA09-Daizovi-AdvOSXRootkits-SLIDES.pdf)
### [The Python Bytes Your Apple](https://speakerdeck.com/flankerhqd/the-python-bites-your-apple-fuzzing-and-exploiting-osx-kernel-bugs)
* Fuzzing and exploiting OSX kernel bugs
### [Breaking iOS Code Signing](https://papers.put.as/papers/ios/2011/syscan11_breaking_ios_code_signing.pdf)
### [The Apple Sandbox - 5 years later](http://newosxbook.com/files/HITSB.pdf)
### [Practical iOS App Hacking](https://papers.put.as/papers/ios/2012/Mathieu-RENARD-GreHACK-Practical-iOS-App-Hacking.pdf)
### [Behavioral Detection and Prevention of Malware on OS X](https://www.virusbulletin.com/blog/2016/september/paper-behavioural-detection-and-prevention-malware-os-x/)
### [Security on OSX and iOS](https://www.youtube.com/watch?v=fdxxPRbXPsI)
* [Slides](https://www.slideshare.net/nosillacast/security-on-the-mac)

### [Thunderstrike](https://trmm.net/Thunderstrike_31c3)
* [Video](https://www.youtube.com/watch?v=5BrdX7VdOr0), hacking Mac's extensible firmware interface (EFI)
### [Direct Memory Attack the Kernel](https://github.com/ufrisk/presentations/blob/master/DEFCON-24-Ulf-Frisk-Direct-Memory-Attack-the-Kernel-Final.pdf)
### [Don't trust your eye, Apple graphics is compromised](https://speakerdeck.com/marcograss/dont-trust-your-eye-apple-graphics-is-compromised)
* security flaws in IOKit's graphics acceleration that lead to exploitation from the browser
### [Fuzzing and Exploiting OSX Vulnerabilities for Fun and Profit Complementary Active & Passive Fuzzing](https://www.slideshare.net/PacSecJP/moony-li-pacsec18?qid=15552f01-6655-4555-9894-597d62fd803c)
### [Strolling into Ring-0 via I/O Kit Drivers](https://speakerdeck.com/patrickwardle/o-kit-drivers)
### [Juice Jacking](https://www.youtube.com/watch?v=TKAgemHyq8w)
### [Attacking OSX for fun and profit tool set limiations frustration and table flipping Dan Tentler](https://www.youtube.com/watch?v=9T_2KYox9Us)
* [Follow-up from target](https://www.youtube.com/watch?v=bjYhmX_OUQQ)
### [Building an EmPyre with Python](https://www.youtube.com/watch?v=79qzgVTP3Yc)
### [PoisonTap](https://www.youtube.com/watch?v=Aatp5gCskvk)
### [Storing our Digital Lives - Mac Filesystems from MFS to APFS](https://www.youtube.com/watch?v=uMfmgcnrn24)
* [slides](http://macadmins.psu.edu/files/2017/07/psumac2017-174-Storing-our-digital-lives-Mac-filesystems-from-MFS-to-APFS.key-254bf2y.pdf)
### [Collection of mac4en6 papers/presentations](https://drive.google.com/drive/folders/0B37-sa0Wh9_TdjVSbzRvMEVGQ2c)
### [The Underground Economy of Apple ID](https://www.youtube.com/watch?v=4acVKs9WPts)
### [iOS of Sauron: How iOS Tracks Everything You Do](https://www.youtube.com/watch?v=D6cSiHpvboI)
### [macOS/iOS Kernel Debugging and Heap Feng Shui](https://github.com/zhengmin1989/MyArticles/blob/master/PPT/DEFCON-25-Min-Spark-Zheng-macOS-iOS-Kernel-Debugging.pdf)
### [Billy Ellis iOS/OSX hacking YouTube channel](https://www.youtube.com/channel/UCk2sx_3FUkKvDGlIhdUQa8A)
### [A Technical Autopsy of the Apple - FBI Debate using iPhone forensics | SANS DFIR Webcast](https://www.youtube.com/watch?v=_q_2mN8U91o)
### [Jailbreaking Apple Watch at DEFCON-25](https://www.youtube.com/watch?v=eJpbi-Qz6Jc)
### [SandScout: Automatic Detection of Flaws in iOS Sandbox Profiles](http://www.icri-sc.org/fileadmin/user_upload/Group_TRUST/PubsPDF/sandscout-final-ccs-2016.pdf)
* An exploration of the sandbox protections policies
* [Presentation](https://www.youtube.com/watch?v=TnwXEDCIowQ)

## Virus and exploit writeups
### [Detailed Analysis of macOS/iOS Vulnerability CVE-2019-6231](https://www.fortinet.com/blog/threat-research/detailed-analysis-of-macos-ios-vulnerability-cve-2019-6231.html)
* Exploration of QuartzCore/CoreAnimation flaw leading to a malicious application being able to read restricted memory.
### [kernelcache laundering](https://github.com/Synacktiv-contrib/kernelcache-laundering)
* Load iOS12 kernelcaches and PAC code in IDA
### [blanket](https://github.com/bazad/blanket)
* Proof of concept for CVE-2018-4280: Mach port replacement vulnerability in launchd on iOS 11.2.6
### [Proof of Concept for Remote Code Execution in WebContent](https://github.com/externalist/exploit_playground/blob/master/CVE-2018-4233/pwn_i8.js)
* [MachO tricks](https://iokit.racing/machotricks.pdf) - Appears to be slides from a presentation that ends with the CVE listed above
### [There's Life in the Old Dog Yet: Tearing New Holes into Intel/iPhone Cellular Modems](https://comsecuris.com/blog/posts/theres_life_in_the_old_dog_yet_tearing_new_holes_into_inteliphone_cellular_modems/)
* How the public warning system can be used as an attack vector
### [I can be Apple, and so can you](https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/)
* An exploration of a code signing vulnerability in macOS that has persisted for 11 years
* [Creating signed and customized backdoored macos apps](https://medium.com/@adam.toscher/creating-signed-and-customized-backdoored-macos-applications-by-abusing-apple-developer-tools-b4cbf1a98187)
### [Leveraging emond on macOS for persistence](https://posts.specterops.io/leveraging-emond-on-macos-for-persistence-a040a2785124)
### [APFS credential leak vulnerability](https://www.mac4n6.com/blog/2018/3/21/uh-oh-unified-logs-in-high-sierra-1013-show-plaintext-password-for-apfs-encrypted-external-volumes-via-disk-utilityapp)
* A flaw in Unified Logs leaks the password for encrypted APFS volumes

### [A fun XNU infoleak](https://bazad.github.io/2018/03/a-fun-xnu-infoleak/)
### Meltdown
* CPU flaw allowing kernel memory to be accessed by hijacking speculative
execution
* [Proof of concept](https://github.com/gkaindl/meltdown-poc)
* [Apple's statement](https://support.apple.com/en-us/HT208394)
* [Measuring OSX meltdown patches performance](https://reverse.put.as/2018/01/07/measuring-osx-meltdown-patches-performance/)
* [iPhone performance after Spectre patch](https://www.gsmarena.com/spectre_and_meltdown_testing_performance_impact_on_iphone_8_plus-news-29132.php)
### [Flashback](https://www.cnet.com/news/more-than-600000-macs-infected-with-flashback-botnet/)
* [Detailed analysis](https://www.intego.com/mac-security-blog/more-about-the-flashback-trojan-horse/)
### [Flashback pt 2](https://www.intego.com/mac-security-blog/flashback-botnet-is-adrift/)
### [iWorm](https://www.thesafemac.com/iworm-method-of-infection-found/)
* [Detailed analysis](https://www.intego.com/mac-security-blog/iworm-botnet-uses-reddit-as-command-and-control-center/)
### [Thunderbolt](https://www.theregister.co.uk/2015/01/08/thunderstrike_shocks_os_x_with_first_firmware_bootkit/)
* Firmware bootkit
### [Malware in firmware: how to exploit a false sense of security](https://www.welivesecurity.com/2017/10/19/malware-firmware-exploit-sense-security/)
* A post on the resurgence of bootkits and how to defend against them
### [Proton RAT](https://www.cybereason.com/blog/labs-proton-b-what-this-mac-malware-actually-does)
* Exploration of a Remote Access Toolkit

### [Mokes](https://thehackernews.com/2016/09/cross-platform-malware.html)
### [MacKeeper](https://www.cultofmac.com/170522/is-mackeeper-really-a-scam/)
### [OpinionSpy](https://www.thesafemac.com/opinionspy-is-back/)
### [Elanor](https://blog.malwarebytes.com/cybercrime/2016/07/new-mac-backdoor-malware-eleanor/)
### [Mac Defender](https://macsecurity.net/view/79-remove-mac-defender-virus-from-mac-os-x)
### [Wire Lurker](https://www.paloaltonetworks.com/resources/research/unit42-wirelurker-a-new-era-in-ios-and-os-x-malware.html)
### [KeRanger](https://techcrunch.com/2016/03/07/apple-has-shut-down-the-first-fully-functional-mac-os-x-ransomware/)
* First OSX ransomware
### [Proof-of-concept USB attack](https://www.ehackingnews.com/2016/09/a-usb-device-can-steal-credentials-from.html)
### [Dark Jedi](https://reverse.put.as/2015/05/29/the-empire-strikes-back-apple-how-your-mac-firmware-security-is-completely-broken/)
### EFI attack that exploits a vulnerability in suspend-resume cycle [Sentinel One write-up](https://www.sentinelone.com/blog/reverse-engineering-mac-os-x/)
### [XAgent Mac Malware Used In APT-28](https://labs.bitdefender.com/2017/02/new-xagent-mac-malware-linked-with-the-apt28/)
* [Samples](http://contagiodump.blogspot.com/2017/02/russian-apt-apt28-collection-of-samples.html)
### [Juice Jacking](https://www.howtogeek.com/166497/htg-explains-what-is-juice-jacking-and-how-worried-should-you-be/)
### [Local Privilege Escalation for macOS 10.12.2 and XNU port Feng Shui](https://github.com/zhengmin1989/macOS-10.12.2-Exp-via-mach_voucher)

### [Ian Beer, Google Project Zero: "A deep-dive into the many flavors of IPC available on OS X."](https://www.youtube.com/watch?v=D1jNCy7-g9k)
* Deep dive into the interprocess communication and its design flaws

### [PEGASUS iOS Kernel Vulnerability Explained](https://sektioneins.de/en/blog/16-09-02-pegasus-ios-kernel-vulnerability-explained.html)
### [Analysis of iOS.GuiInject Adware Library](https://www.sentinelone.com/blog/analysis-ios-guiinject-adware-library/)
### [Broadpwn](https://blog.exodusintel.com/2017/07/26/broadpwn/)
* Gaining access through the wireless subsystem

### [Reverse Engineering and Abusing Apple Call Relay Protocol](https://www.martinvigo.com/diy-spy-program-abusing-apple-call-relay-protocol/)
* Details the discovery of a vulnerability in Apple's Call handoff between mobile and desktop through analyzing network traffic.

### Exploiting the Wifi Stack on Apple Devices
Google's Project Zero series of articles that detail vulnerabilities in the wireless stack used by Apple Devices
* [Over The Air: Exploiting Broadcom’s Wi-Fi Stack (Part 1)](https://googleprojectzero.blogspot.com/2017/04/over-air-exploiting-broadcoms-wi-fi_4.html)
* [Over The Air: Exploiting Broadcom’s Wi-Fi Stack (Part 2)](https://googleprojectzero.blogspot.com/2017/04/over-air-exploiting-broadcoms-wi-fi_11.html)
* [Over The Air - Vol. 2, Pt. 1: Exploiting The Wi-Fi Stack on Apple Devices](https://googleprojectzero.blogspot.com/2017/09/over-air-vol-2-pt-1-exploiting-wi-fi.html)
* [Over The Air - Vol. 2, Pt. 2: Exploiting The Wi-Fi Stack on Apple Devices](https://googleprojectzero.blogspot.com/2017/10/over-air-vol-2-pt-2-exploiting-wi-fi.html)
* [Over The Air - Vol. 2, Pt. 3: Exploiting The Wi-Fi Stack on Apple Devices](https://googleprojectzero.blogspot.com/2017/10/over-air-vol-2-pt-3-exploiting-wi-fi.html)

### [ChaiOS bug](https://www.grahamcluley.com/chaios-bug-crash-ios-macos-messages/)
* A message that crashes iMessage
* Looks similar to [previous](https://arstechnica.com/gadgets/2013/08/rendering-bug-crashes-os-x-and-ios-apps-with-string-of-arabic-characters/) [bugs](https://www.intego.com/mac-security-blog/crash-text-message-iphone/) rendering Arabic characters

## Useful tools and guides
### [Mac@IBM](https://github.com/IBM/mac-ibm-enrollment-app)
* Mac enrollment helper provided by IBM
### [mOSL](https://github.com/0xmachos/mOSL)
* Audit and fix macOS High Sierra (10.13.x) security settings
### [Darling](https://github.com/darlinghq/darling)
* Darwin/macOS emulation layer for Linux
### [Kemon](https://github.com/didi/kemon)
* Open source kernel monitoring
### [jelbrektime](https://github.com/kai5263499/jelbrekTime)
* Developer jailbreak for Apple Watch
### [Booting Secure](http://michaellynn.github.io/2018/07/27/booting-secure/)
* Deep dive into Secure Boot on 2018 MacBook Pro
### [Tutorial - emulate an iOS kernel in QEMU up to launchd and userspace](https://worthdoingbadly.com/xnuqemu2/)
* Tutorial on getting an iOS kernel to run in QEMU
### [xnumon](https://www.roe.ch/xnumon)
* Monitor macOS for malicious activity
* [source](https://github.com/droe/xnumon)
### [DetectX](https://sqwarq.com/detectx/)
* Audits system artifacts to help you identify unknown and novel threats
### [Are you really signed?](https://github.com/Sentinel-One/macos-are-you-really-signed)
* Utility to test for code-sign bypass vulnerability
### [osx security growler](https://github.com/pirate/security-growler)
* Mac menubar item that lets you know about security events on your system
### [mac-a-mal](https://github.com/phdphuc/mac-a-mal)
* Automated malware analysis on macOS
### [jrswizzle](https://github.com/rentzsch/jrswizzle)
* method interface exchange
### [MacDBG](https://github.com/blankwall/MacDBG)
* C and Python debugging framework for OSX
### [bitcode_retriever](https://github.com/AlexDenisov/bitcode_retriever)
* store and retrieve bitcode from Mach-O binary
### [machotools](https://github.com/enthought/machotools)
* retrieve and change information about mach-o files
### [onyx-the-black-cat](https://github.com/acidanthera/onyx-the-black-cat) ([outdated original](https://github.com/gdbinit/onyx-the-black-cat))
* kernel module for OSX to defeat anti-debugging protection
### [create-dmg](https://github.com/andreyvit/create-dmg)
* CLI utility for creating and modifying DMG files
### [dmg2iso](https://sourceforge.net/projects/dmg2iso/?source=typ_redirect)
* convert dmg to iso
### [Infosec Homebrew](https://github.com/kai5263499/homebrew-infosec)
* Homebrew tap for security-related utilities
### [Awesome OSX Command Line](https://github.com/herrbischoff/awesome-macos-command-line)
* Collection of really useful shell commands
### [Keychain dump](https://github.com/juuso/keychaindump)
* Dump keychain credentials
### [KnockKnock](https://objective-see.com/products/knockknock.html)
* Listing startup items. Also includes VirusTotal information
### [Lingon-X](https://www.peterborgapps.com/lingon/)
* GUI for launchd
### [Hopper](https://www.hopperapp.com/)
* Excellent OSX debugger (requires license)
### [Symhash](https://github.com/threatstream/symhash)
* Python utility for generating imphash fingerprints for OSX binaries
### [KisMac2](https://github.com/IGRSoft/KisMac2)
* Wireless scanning and packet capturing
### [Passive fuzz framework](https://github.com/SilverMoonSecurity/PassiveFuzzFrameworkOSX)
* Framework is for fuzzing OSX kernel vulnerability based on passive inline hook mechanism in kernel mode
### [Platypus](https://sveinbjorn.org/platypus)
* GUI for generating .app bundles
### [createOSXinstallPkg](https://github.com/munki/createOSXinstallPkg)
* CLI for generating .pkg installers
### [PoisonTap](https://github.com/samyk/poisontap)
### [Chipsec](https://github.com/chipsec/chipsec)
* System firmware checker by Intel
### [Revisiting Mac OS X Kernel Rootkits by Phrack Magazine](http://phrack.org/issues/69/7.html)
* A collection of OSX rootkit ideas
### [iPhone Data Protection in Depth](http://conference.hackinthebox.org/hitbsecconf2011ams/materials/D2T2%20-%20Jean-Baptiste%20Be%CC%81drune%20&%20Jean%20Sigwald%20-%20iPhone%20Data%20Protection%20in%20Depth.pdf)
### [Cycript](http://www.cycript.org/)
* Remote control library for fuzz testing iOS apps
### [ChaoticMarch](https://github.com/synack/chaoticmarch)
* Blackbox fuzz testing for iOS apps (requires jailbreak)
### [iOS backup decrypt script](https://stackoverflow.com/questions/1498342/how-to-decrypt-an-encrypted-apple-itunes-iphone-backup)
* Contains a script for decrypting an encrypted iOS backup archive
### [Remote Packet Capture for iOS Devices](https://useyourloaf.com/blog/remote-packet-capture-for-ios-devices/)
* Use a remote virtual interface to capture packets from a tethered iOS device
* [Python utility](https://thrysoee.dk/iospcap/)
* [Another python utility](https://github.com/gh2o/rvi_capture)
### [Pareto Security](https://paretosecurity.app/)
* A MenuBar app to automatically audit your Mac for basic security hygiene.
### [Mana Security](https://manasecurity.com/)
* Vulnerability Management app for individuals. It helps to keep macOS and installed applications updated.
### [cnspec](https://cnspec.io/)
* Open source vulnerability and misconfiguration scanning for macOS hosts + much more.
### [Intro To IOS Malware Detection](https://8ksec.io/mobile-malware-analysis-part-4-intro-to-ios-malware-detection/)
* iOS malware, its types, methods of gathering forensics information
### [Ipsw Walkthrough](https://8ksec.io/ipsw-walkthrough-part-1-the-swiss-army-knife-for-ios-macos-security-research/)
* Part one that covers basic uses

## Remote Access Toolkits
### [Empyre](https://github.com/EmpireProject/EmPyre)
### [Bella](https://github.com/kai5263499/Bella)
### [Stitch](https://nathanlopez.github.io/Stitch/)
### [Pupy](https://github.com/n1nj4sec/pupy)
### [EggShell surveillance tool](https://github.com/neoneggplant/EggShell) - Works on OSX and jailbroken iOS
### [EvilOSX](https://github.com/Marten4n6/EvilOSX) - Pure python post-exploitation toolkit

## Worth following on Twitter
* [@patrickwardle](https://twitter.com/patrickwardle)
* [@objective_see](https://twitter.com/objective_see)
* [@0xAmit](https://twitter.com/0xAmit)
* [@osxreverser](https://twitter.com/osxreverser)
* [@liucoj](https://twitter.com/liucoj)
* [@osxdaily](https://twitter.com/osxdaily)
* [@iamevltwin](https://twitter.com/iamevltwin)
* [@claud_xiao](https://twitter.com/claud_xiao)
* [@JPoForenso](https://twitter.com/JPoForenso)
* [@patrickolsen](https://twitter.com/patrickolsen)

## Other OSX Awesome lists
* [ashishb/osx-and-ios-security-awesome](https://github.com/ashishb/osx-and-ios-security-awesome)