0xffffe001 / osx-security-awesome Goto Github PK

osx-security-awesome

A collection of OSX/iOS security related resources

• News

• Hardening

• Malware sample sources

• DFIR

• Reverse engineering

• Presentations and Papers

• Virus and exploit writeups

• Useful tools and guides

• Remote Access Toolkits

• Worth following on Twitter

• Frequently updated blog that provides a good summary of the latest unique mac malware.

• Intego's corporate Mac security blog often contains recent and in-depth analysis of mac malware and other security issues

• Objective-See's blog often contains in-depth breakdowns of malware they've reverse engineered and vulnarabilities they've discovered.

• Resource to help educate Mac users about security issues. Contains historical as well as timely security updates.

• Another Mac security blog. This often includes more in-depth analysis of specific threats.

• Not strictly security-specific but it contains jailbreaking information which has security implications

• Everything you need to know about the launchd service

• Step-by-step guide to the startup process

• Google's system hardening guide

• How to for using OSX's sandbox system

• Hardening guide for El Capitan

• Useful checklist for hardening systems

• Protecting your hardware from "evil maid" attacks

• Curated list of malware samples. Use this list if you're looking for interesting samples to reverse engineer

• Regularly updated fresh mac malware feed

• Locations of sensitive files

• Forensics framework

• Physical memory manipulation

• Memory analysis toolkit

• Collection of OSX and iOS artifacts

• Forensics utility developed by Yelp

• OSX incident response at GitHub Slides

• How to debug an iOS application that you didn't create

• Paid service for analyzing the iTunes backup of your iOS device

• Mac Artifact Parsing Tool for processing full disk images and extracting useful information
• The author also has a collection of DFIR scripts

• Frequently updated book on OSX internals

• Another Awesome-style list dedicated to OSX reverse engineering resources

• A collection of puzzles to test your reverse engineering skills

• Walkthrough for Coca applications

• Source code for iOS kernel

• Very good list of various crackme challenges that is categorized by level and OS

• Awesome list dedicated to reversing

• Slides and another related video.

• Fuzzing and exploiting OSX kernel bugs

• Slides

• Video, hacking Mac's extensible firmware interface (EFI)

• security flaws in IOKit's graphics acceleration that lead to exploitation from the browser

• Follow-up from target

• An exploration of the sandbox protections policies
• Presentation

• CPU flaw allowing kernel memory to be accessed by hijacking speculative execution
• Proof of concept
• Apple's statement
• Measuring OSX meltdown patches performance
• iPhone performance after Spectre patch

• An Apple update introduced a bug where a blank password was set for root, allowing attackers to easily gain root access

• Detailed analysis

• Detailed analysis

• Firmware bootkit

• A post on the resurgence of bootkits and how to defend against them

• Exploration of a Remote Access Toolkit

• First OSX ransomware

• Samples

• Deep dive into the interprocess communication and its design flaws

• Gaining access through the wireless subsystem

• Details the discovery of a vulnerability in Apple's Call handoff between mobile and desktop through analyzing network traffic.

Google's Project Zero series of articles that detail vulnerabilities in the wireless stack used by Apple Devices

• Over The Air: Exploiting Broadcom’s Wi-Fi Stack (Part 1)
• Over The Air: Exploiting Broadcom’s Wi-Fi Stack (Part 2)
• Over The Air - Vol. 2, Pt. 1: Exploiting The Wi-Fi Stack on Apple Devices
• Over The Air - Vol. 2, Pt. 2: Exploiting The Wi-Fi Stack on Apple Devices
• Over The Air - Vol. 2, Pt. 3: Exploiting The Wi-Fi Stack on Apple Devices

• A message that crashes iMessage
• Looks similar to previous bugs rendering Arabic characters

• method interface exchange

• C and Python debugging framework for OSX

• store and retrieve bitcode from Mach-O binary

• retrieve and change information about mach-o files

• kernel module for OSX to defeat anti-debugging protection

• CLI utility for creating and modifying DMG files

• convert dmg to iso

• Homebrew tap for security-related utilities

• Collection of really useful shell commands

• Dump keychain credentials

• Listing startup items. Also includes VirusTotal information

• GUI for launchd

• Excellent OSX debugger (requires license)

• Python utility for generating imphash fingerprints for OSX binaries

• Wireless scanning and packet capturing

• Framework is for fuzzing OSX kernel vulnerability based on passive inline hook mechanism in kernel mode

• GUI for generating .app bundles

• CLI for generating .pkg installers

• System firmware checker by Intel

• A collection of OSX rootkit ideas

• Remote control library for fuzz testing iOS apps

• Blackbox fuzz testing for iOS apps (requires jailbreak)

• Contains a script for decrypting an encrypted iOS backup archive

• @patrickwardle
• @objective_see
• @0xAmit
• @Morpheus______
• @osxreverser
• @liucoj
• @osxdaily
• @iamevltwin
• @claud_xiao
• @JPoForenso
• @patrickolsen
• @cheesecakeufo