https://github.com/vesche/hiddenlingo

https://github.com/vesche/hiddenlingo

Last synced: 12 months ago
JSON representation

• Host: GitHub
• URL: https://github.com/vesche/hiddenlingo
• Owner: vesche
• Created: 2023-02-10T14:34:20.000Z (over 3 years ago)
• Default Branch: main
• Last Pushed: 2023-02-12T08:42:44.000Z (over 3 years ago)
• Last Synced: 2025-04-12T22:44:52.412Z (about 1 year ago)
• Language: C
• Size: 5.86 KB
• Stars: 0
• Watchers: 2
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
# HIDDENLINGO

macOS offensive memory forensics research

## Dump memory with osxpmem

```

$ unzip osxpmem-2.1.post4.zip

$ sudo chown -R root:wheel osxpmem.app/MacPmem.kext/

$ sudo kextutil -t osxpmem.app/MacPmem.kext/

$ # go into System Preferences -> Security & Privacy -> Allow Kernel Extension (system will need to reboot)

$ osxpmem.app/osxpmem --help

$ # go into System Preferences -> Security & Privacy -> Allow osxpmem

$ sudo osxpmem.app/osxpmem -o dump.aff4

$ osxpmem.app/osxpmem -e /dev/pmem -o dump.raw dump.aff4

```