This repository has been archived by the owner on Dec 31, 2018. It is now read-only.

A collection of OSX and iOS security resources


chota/osx-security-awesome


osx-security-awesome

A collection of OS X/iOS/macOS security-related resources


News


  • A repository of iOS vulnerability write-ups as they are released
  • Also includes conference papers
  • Regularly updated list of iOS display bugs
  • Frequently updated blog that provides a good summary of the latest unique Mac malware
  • Intego's corporate Mac security blog often contains recent and in-depth analysis of Mac malware and other security issues
  • Objective-See's blog often contains in-depth breakdowns of malware they've reverse engineered and vulnerabilities they've discovered.
  • Resource to help educate Mac users about security issues. Contains historical as well as timely security updates.
  • Another Mac security blog. This often includes more in-depth analysis of specific threats.
  • Not strictly security-specific but it contains jailbreaking information which has security implications

Hardening

  • Utilities, tools, and scripts for managing and tracking a fleet of Macintoshes in a corporate environment collected by Google
  • System monitoring tool
  • A RESTful API and client that helps Apple Mac users determine if they are running the expected EFI firmware version given their Mac hardware and OS build version
  • Everything you need to know about the launchd service
  • Step-by-step guide to the startup process
  • Google's system hardening guide
  • How-to for using OS X's sandbox system
  • Reversing the Apple sandbox
  • Paper
  • Hardening guide for El Capitan
  • Useful checklist for hardening systems
  • Protecting your hardware from "evil maid" attacks

Malware sample sources

  • Curated list of malware samples. Use this list if you're looking for interesting samples to reverse engineer
  • Regularly updated fresh mac malware feed

Digital Forensics / Incident Response (DFIR)

  • osquery module to give you a report of 32-bit processes running on a 10.14 machine
  • Locations of sensitive files
  • Forensics framework
  • Physical memory manipulation
  • Memory analysis toolkit
  • Collection of OS X and iOS artifacts
  • Forensics utility developed by Yelp
  • OS X incident response at GitHub (slides)
  • How to debug an iOS application that you didn't create
  • Paid service for analyzing the iTunes backup of your iOS device
  • Mac Artifact Parsing Tool for processing full disk images and extracting useful information
  • The author also has a collection of DFIR scripts

Reverse engineering

  • Frequently updated book on OS X internals
  • Another Awesome-style list dedicated to OS X reverse engineering resources
  • A collection of puzzles to test your reverse engineering skills
  • Walkthrough for Cocoa applications
  • Source code for iOS kernel
  • Very good list of various crackme challenges, categorized by level and OS
  • Awesome list dedicated to reversing

Presentations and Papers

  • Examining iOS applications for poorly guarded secrets
  • Fuzzing and exploiting OS X kernel bugs
  • Video, hacking Mac's extensible firmware interface (EFI)
  • Security flaws in IOKit's graphics acceleration that lead to exploitation from the browser
  • An exploration of the sandbox protections policies
  • Presentation

Virus and Exploit Write-ups

  • Load iOS 12 kernelcaches and PAC code in IDA
  • Proof of concept for CVE-2018-4280: Mach port replacement vulnerability in launchd on iOS 11.2.6
  • Mach-O tricks: appears to be slides from a presentation that ends with the CVE listed above
  • How the public warning system can be used as an attack vector
  • A flaw in Unified Logs leaks the password for encrypted APFS volumes

  • Meltdown
  • An Apple update introduced a bug where a blank password was set for root, allowing attackers to easily gain root access
  • Firmware bootkit
  • A post on the resurgence of bootkits and how to defend against them
  • Exploration of a Remote Access Toolkit
  • First OS X ransomware
  • EFI attack that exploits a vulnerability in the suspend-resume cycle (SentinelOne write-up)
  • Deep dive into the interprocess communication and its design flaws
  • Gaining access through the wireless subsystem
  • Details the discovery of a vulnerability in Apple's Call handoff between mobile and desktop through analyzing network traffic
  • Exploiting the Wifi Stack on Apple Devices: Google's Project Zero series of articles that detail vulnerabilities in the wireless stack used by Apple devices
  • A message that crashes iMessage
  • Looks similar to previous bugs rendering Arabic characters

Useful tools and guides

  • Mac enrollment helper provided by IBM
  • Audit and fix macOS High Sierra (10.13.x) security settings
  • Darwin/macOS emulation layer for Linux
  • Open source kernel monitoring
  • Developer jailbreak for Apple Watch
  • Deep dive into Secure Boot on 2018 MacBook Pro
  • Tutorial on getting an iOS kernel to run in QEMU
  • Monitor macOS for malicious activity
  • source
  • Audits system artifacts to help you identify unknown and novel threats
  • Utility to test for code-sign bypass vulnerability
  • Mac menubar item that lets you know about security events on your system
  • Automated malware analysis on macOS
  • Paper
  • method interface exchange
  • C and Python debugging framework for OS X
  • Store and retrieve bitcode from a Mach-O binary
  • Retrieve and change information about Mach-O files
  • Kernel module for OS X to defeat anti-debugging protection
  • CLI utility for creating and modifying DMG files
  • Convert DMG to ISO
  • Homebrew tap for security-related utilities
  • Collection of really useful shell commands
  • Dump keychain credentials
  • Listing startup items. Also includes VirusTotal information
  • GUI for launchd
  • Excellent OS X debugger (requires license)
  • Python utility for generating imphash fingerprints for OS X binaries
  • Wireless scanning and packet capturing
  • Framework for fuzzing OS X kernel vulnerabilities, based on a passive inline-hook mechanism in kernel mode
  • GUI for generating .app bundles
  • CLI for generating .pkg installers
  • System firmware checker by Intel
  • A collection of OS X rootkit ideas
  • Remote control library for fuzz testing iOS apps
  • Blackbox fuzz testing for iOS apps (requires jailbreak)
  • Contains a script for decrypting an encrypted iOS backup archive

Remote Access Toolkits

  • EggShell surveillance tool - works on OS X and jailbroken iOS
  • EvilOSX - pure Python post-exploitation toolkit

Worth following on Twitter
