osx-security-awesome

by kai5263499

A collection of OSX and iOS security resources

473 Stars 92 Forks Last release: Not found Apache License 2.0 151 Commits 0 Releases




A collection of OSX/iOS security related resources


News


Linking a microphone

  • The Story of CVE-2018-4184 or how a vulnerability in OSX's Speech system allowed apps with access to the microphone to escape sandbox restrictions

iOS vulnerability write-up

  • A repository of iOS vulnerability write-ups as they are released
  • Also includes conference papers

iOS display bugs

  • Regularly updated list of iOS display bugs

Mac Virus

  • Frequently updated blog that provides a good summary of the latest unique Mac malware.

Intego Mac Security Blog

  • Intego's corporate Mac security blog often contains recent and in-depth analysis of Mac malware and other security issues

Objective-See

  • Objective-See's blog often contains in-depth breakdowns of malware they've reverse engineered and vulnerabilities they've discovered.

The Safe Mac

  • Resource to help educate Mac users about security issues. Contains historical as well as timely security updates.

Mac Security

  • Another Mac security blog. This often includes more in-depth analysis of specific threats.

OSX Daily

  • Not strictly security-specific but it contains jailbreaking information which has security implications

Hardening

macops

  • Utilities, tools, and scripts for managing and tracking a fleet of Macintoshes in a corporate environment collected by Google

SUpraudit

  • System monitoring tool

EFIgy

  • A RESTful API and client that helps Apple Mac users determine if they are running the expected EFI firmware version given their Mac hardware and OS build version

Launchd

  • Everything you need to know about the launchd service

OSX startup sequence

  • Step-by-step guide to the startup process

Google OSX hardening

  • Google's system hardening guide

Run any command in a sandbox

  • How-to for using OSX's sandbox system

Sandblaster

  • Reversing the Apple sandbox
  • Paper

OSX El Capitan Hardening Guide

  • Hardening guide for El Capitan

Hardening hardware and choosing a good BIOS

  • Protecting your hardware from "evil maid" attacks

Malware sample sources

Objective-See

Digital Forensics / Incident Response (DFIR)

APOLLO tool

Reverse engineering

New OS X Book

Presentations and Papers

Area41 2018: Daniel Roethlisberger: Monitoring MacOS For Malware And Intrusions

Windshift APT

Thunderstrike

Virus and exploit writeups

Detailed Analysis of macOS/iOS Vulnerability CVE-2019-6231

A fun XNU infoleak

Meltdown

Mokes

MacKeeper

OpinionSpy

Elanor

Mac Defender

Wire Lurker

KeRanger

Ian Beer, Google Project Zero: "A deep-dive into the many flavors of IPC available on OS X."

  • Deep dive into interprocess communication and its design flaws

PEGASUS iOS Kernel Vulnerability Explained

Analysis of iOS.GuiInject Adware Library

Broadpwn

  • Gaining access through the wireless subsystem

Reverse Engineering and Abusing Apple Call Relay Protocol

  • Details the discovery of a vulnerability in Apple's Call handoff between mobile and desktop through analyzing network traffic.

Exploiting the Wifi Stack on Apple Devices

Google's Project Zero series of articles that detail vulnerabilities in the wireless stack used by Apple Devices:

  • Over The Air: Exploiting Broadcom’s Wi-Fi Stack (Part 1)
  • Over The Air: Exploiting Broadcom’s Wi-Fi Stack (Part 2)
  • Over The Air - Vol. 2, Pt. 1: Exploiting The Wi-Fi Stack on Apple Devices
  • Over The Air - Vol. 2, Pt. 2: Exploiting The Wi-Fi Stack on Apple Devices
  • Over The Air - Vol. 2, Pt. 3: Exploiting The Wi-Fi Stack on Apple Devices

ChaiOS bug

  • A message that crashes iMessage
  • Looks similar to previous bugs rendering Arabic characters

Useful tools and guides


Remote Access Toolkits

Empyre

Bella

Stitch

Pupy

EggShell surveillance tool - Works on OSX and jailbroken iOS

EvilOSX - Pure python post-exploitation toolkit

Worth following on Twitter

Other OSX Awesome lists
