
@andriitishchenko
andriitishchenko / terget.c
Created March 15, 2023 13:21
XProtect test
/**
https://yara.readthedocs.io/en/stable/commandline.html
$ clang -o terget.out terget.c      (plain `clang terget.c` would write a.out, not terget.out)
$ brew install yara
$ yara /Library/Apple/System/Library/CoreServices/XProtect.bundle/Contents/Resources/XProtect.yara terget.out
XProtect_MACOS_644e18d terget.out   <- yara output: the matching rule name, then the scanned file
*/
@andriitishchenko
andriitishchenko / AMT_tools.md
Created March 15, 2023 11:54
Check Versions of Anti Malware Tools for macOS

Gatekeeper

$ /usr/libexec/PlistBuddy -c "Print CFBundleShortVersionString" /private/var/db/gkopaque.bundle/Contents/Info.plist

XProtect

$ defaults read /Library/Apple/System/Library/CoreServices/XProtect.bundle/Contents/Info.plist CFBundleShortVersionString
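The two version checks above and the yara run from the terget.c gist, combined into one script. This is an added example, not code from either gist: it reads CFBundleShortVersionString from XML or binary plists (plutil is used when present, so it also works on the binary Info.plist files Apple ships), lists the anti-malware components, and scans a file with the XProtect rules when yara is installed. The XProtect Remediator (XProtect.app) and MRT (MRT.app) bundle paths in the same CoreServices directory and the `spctl --status` call are additions not on the page.

```shell
#!/bin/bash
# Added example (not from the gists above): report the versions of Apple's
# built-in anti-malware components and scan a file against the XProtect rules.
# Assumptions: the XProtect Remediator and MRT paths are not on the page;
# yara (brew install yara) is needed for the scan step only.

# plist_string <Info.plist> <key>: value of a <string> key. On macOS, plutil
# converts binary plists to XML first; elsewhere the file is assumed to be XML.
plist_string() {
  local file="$1" key="$2" xml
  if command -v plutil >/dev/null 2>&1; then
    xml="$(plutil -convert xml1 -o - "$file")" || return 1
  else
    xml="$(cat "$file")" || return 1
  fi
  printf '%s' "$xml" | tr -d '\n' |
    sed -n "s|.*<key>$key</key>[[:space:]]*<string>\([^<]*\)</string>.*|\1|p"
}

# amt_versions: one line per component. These bundles are updated by Apple
# independently of the OS, so the macOS build number says nothing about them.
amt_versions() {
  local base=/Library/Apple/System/Library/CoreServices name path
  while IFS='|' read -r name path; do
    if [ -f "$path" ]; then
      printf '%-22s %s\n' "$name" "$(plist_string "$path" CFBundleShortVersionString)"
    else
      printf '%-22s (not installed)\n' "$name"
    fi
  done <<EOF
XProtect|$base/XProtect.bundle/Contents/Info.plist
XProtect Remediator|$base/XProtect.app/Contents/Info.plist
MRT|$base/MRT.app/Contents/Info.plist
Gatekeeper (gkopaque)|/private/var/db/gkopaque.bundle/Contents/Info.plist
EOF
  # Gatekeeper assessment state (enabled/disabled), separate from its data bundle version
  command -v spctl >/dev/null 2>&1 && spctl --status
}

# xprotect_scan <file>: run the XProtect YARA rules over a file, printing rule
# names and matched strings (-s) so a hit can be traced to the bytes behind it.
xprotect_scan() {
  local rules=/Library/Apple/System/Library/CoreServices/XProtect.bundle/Contents/Resources/XProtect.yara
  command -v yara >/dev/null 2>&1 || { echo "yara not installed (brew install yara)" >&2; return 2; }
  yara -s -w "$rules" "$1"
}

# Usage on a Mac:  amt_versions; xprotect_scan ./terget.out
```

Because the rules file is part of the XProtect bundle, the version printed by `amt_versions` tells you which rule set a `xprotect_scan` hit (such as the XProtect_MACOS_644e18d match above) came from; a different XProtect version can give a different result for the same binary.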
@andriitishchenko
andriitishchenko / 0-generate_dictionary.py
Last active February 13, 2023 09:52
Unzip a file with generated passwords: proof of concept
from itertools import product

allowed_symbols = "abcdefghijklmnopqrstuvwxyz0123456789"
min_length = 3
max_length = 5

def generate_combinations(symbols, length):
    """Every string of exactly `length` characters drawn from `symbols`."""
    return ("".join(chars) for chars in product(symbols, repeat=length))

# 36^3 + 36^4 + 36^5 candidates, about 62 million lines for these settings
with open("generated_passwords.txt", "w") as f:
    for length in range(min_length, max_length + 1):
        for password in generate_combinations(allowed_symbols, length):
            f.write(password + "\n")
@andriitishchenko
andriitishchenko / point_distance.py
Created February 12, 2023 12:29
The location of the point on a line, at a given distance from its start
import math
"""
A(1,0) C(?) B(5,5)
*-------------*---------*
AC=5
"""

def point_at_distance(a, b, distance):
    """C on the ray from A through B with |AC| == distance (completes the truncated snippet)."""
    dx, dy = b[0] - a[0], b[1] - a[1]
    length = math.hypot(dx, dy)
    return (a[0] + dx * distance / length, a[1] + dy * distance / length)
@andriitishchenko
andriitishchenko / Xcode.ver.md
Last active May 10, 2023 10:14
How to run an older Xcode on macOS 13.2

To make an old Xcode work on macOS 13.2 (22D49):

Set CFBundleVersion of Xcode 12 or Xcode 13 to "21534" (approve the permission prompt for Terminal if macOS shows one):

/usr/libexec/PlistBuddy -c "Set CFBundleVersion 21534" /Applications/Xcode.app/Contents/Info.plist

To see what the bundle currently carries (Xcode 12.5 reports 18212):

~ % /usr/libexec/PlistBuddy -c "Print CFBundleVersion" /Applications/Xcode12.5.app/Contents/Info.plist

18212

Info.plist is sealed by Xcode's code signature, so after the edit `codesign --verify --deep --strict /Applications/Xcode.app` reports the bundle as modified; keep a copy of the original file so the change can be reverted.

@andriitishchenko
andriitishchenko / Mach-O analysis.md
Created December 16, 2022 22:26
Mach-O analysis

macOS executable (malware) analysis

Some number-base arithmetic, since offsets and sizes in Mach-O headers are read in hex (the shell does the same conversion with printf '%x\n' 12345):

(12345)₁₀ = (3039)₁₆

@andriitishchenko
andriitishchenko / install.sh
Last active October 7, 2023 13:44
Ghidra to macOS App wrapper
#!/bin/sh
# Script for wrapping Ghidra in a macOS app bundle.
# curl https://gist.githubusercontent.com/andriitishchenko/afe03e833a30c5a0012036261cb6a952/raw/a28dcc2d474a9976cb07f706bc75a85a3594ff49/install.sh | sh
# NOT TESTED WITH M1+ (Apple silicon)
# Ghidra 10.x requires JDK 17+ (64-bit)
# https://www.oracle.com/java/technologies/downloads/#jdk19-mac
# Does not work on macOS 13+
@andriitishchenko
andriitishchenko / .proxy_helper
Last active December 12, 2022 21:37 — forked from refo/macOS proxy settings from terminal.md
macOS proxy settings from terminal
# macOS proxy helper (networksetup wrapper)
# add this line to $HOME/.zshrc
#
# source "$HOME/.proxy_helper"
#
# usage:
# proxy [ | up | down ] [-all | -http|-https|-socks|-ftp|-stream]
# proxy set <destination> <port> [-http|-https|-socks|-ftp|-stream | -all]
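A wrapper with the same command surface as the usage above, written here as an added example rather than taken from the forked gist. It adds a dry-run mode so the exact networksetup commands can be reviewed (and tested) before they change a live service, and it validates the port before anything is issued. PROXY_SERVICE, PROXY_DRYRUN and the function names are assumptions of this example; the networksetup verbs (-setwebproxy, -setsecurewebproxy, -setsocksfirewallproxy, -setftpproxy, -setstreamingproxy and their ...state forms) are the real ones.

```shell
# Added example, not the gist's own helper: a networksetup wrapper with a dry-run
# mode. Source it from ~/.zshrc like the original.
# Assumptions: PROXY_SERVICE names the network service to configure (defaults to
# "Wi-Fi"; list yours with `networksetup -listallnetworkservices`) and
# PROXY_DRYRUN=1 prints each command instead of executing it.
: "${PROXY_SERVICE:=Wi-Fi}"
: "${PROXY_DRYRUN:=0}"

# proxy_kinds <flag>: the networksetup verb stems behind a protocol flag.
proxy_kinds() {
  case "$1" in
    -http)   echo webproxy ;;
    -https)  echo securewebproxy ;;
    -socks)  echo socksfirewallproxy ;;
    -ftp)    echo ftpproxy ;;
    -stream) echo streamingproxy ;;
    -all)    echo "webproxy securewebproxy socksfirewallproxy ftpproxy streamingproxy" ;;
    *)       echo "proxy: unknown kind '$1'" >&2; return 1 ;;
  esac
}

# proxy_run <args...>: execute networksetup, or print the command line (display
# only, arguments unquoted) in dry-run mode.
proxy_run() {
  if [ "$PROXY_DRYRUN" = 1 ]; then
    echo "networksetup $*"
  else
    networksetup "$@"
  fi
}

# proxy                             show the current settings for every kind
# proxy set <host> <port> [kind]    point the proxy at host:port (kind defaults to -all)
# proxy up|down [kind]              enable or disable it (kind defaults to -all)
proxy() {
  local action="${1:-}" host port kinds k state
  case "$action" in
    "")
      for k in $(proxy_kinds -all); do proxy_run "-get$k" "$PROXY_SERVICE"; done
      ;;
    set)
      host="${2:-}"; port="${3:-}"
      [ -n "$host" ] || { echo "proxy: destination required" >&2; return 1; }
      case "$port" in ''|*[!0-9]*) echo "proxy: port must be numeric" >&2; return 1 ;; esac
      [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "proxy: port out of range" >&2; return 1; }
      kinds="$(proxy_kinds "${4:--all}")" || return 1
      for k in $kinds; do proxy_run "-set$k" "$PROXY_SERVICE" "$host" "$port"; done
      ;;
    up|down)
      if [ "$action" = up ]; then state=on; else state=off; fi
      kinds="$(proxy_kinds "${2:--all}")" || return 1
      for k in $kinds; do proxy_run "-set${k}state" "$PROXY_SERVICE" "$state"; done
      ;;
    *)
      echo "usage: proxy [set <host> <port> [kind] | up [kind] | down [kind]]" >&2
      return 1
      ;;
  esac
}

# Usage: PROXY_DRYRUN=1 proxy set proxy.example.com 8080 -http
#        -> networksetup -setwebproxy Wi-Fi proxy.example.com 8080
```

Run with PROXY_DRYRUN=1 first: a system-wide proxy redirects every application's traffic through the host you name, so the command list is worth reading before it is applied.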
@andriitishchenko
andriitishchenko / openssl encryption and decryption | macOS.md
Created December 7, 2022 18:27
openssl encryption and decryption | macOS

From LibreSSL 2.9.1 the default message digest that openssl enc uses to derive the key from the passphrase changed from "md5" to "sha256".

For ciphertext that decrypts on both macOS 13+ and older releases, name the digest explicitly (-md sha256 for new data, -md md5 to read data produced under the old default): the salted output records the salt but not the digest, so a mismatch between the two sides shows up only as a "bad decrypt" error.

Examples:

echo 'this is a test' | openssl enc -aes-256-cbc -a -A -md sha256 -pass file:<(echo 'mySecurePass')
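The round trip behind that one-liner, as an added example that is not part of the gist. It encrypts and decrypts with the digest spelled out on both sides, shows that a sender/receiver disagreement about the digest cannot be recovered from the ciphertext, and inspects the "Salted__" header to show why. The passphrase file is constructed for the example (the `-pass file:` form reads its first line); encrypt_msg, decrypt_msg, roundtrip and ciphertext_magic are names chosen here, and the script assumes an openssl (OpenSSL or LibreSSL) on PATH.

```shell
#!/bin/bash
# Added example, not from the gist: round-trip a message through `openssl enc`
# with the key-derivation digest named explicitly on both sides.
# Assumptions: a constructed passphrase in a temp file, openssl on PATH.
set -u

PASSFILE="$(mktemp)"
printf 'mySecurePass\n' > "$PASSFILE"     # constructed passphrase, not a real secret
trap 'rm -f "$PASSFILE"' EXIT

# encrypt_msg <digest> <plaintext>: single-line base64 of
# "Salted__" + 8-byte random salt + AES-256-CBC ciphertext.
encrypt_msg() {
  printf '%s' "$2" | openssl enc -aes-256-cbc -a -A -md "$1" -pass file:"$PASSFILE"
}

# decrypt_msg <digest> <base64>: plaintext on success; non-zero (the "bad decrypt"
# message is suppressed) when the derived key is wrong, which is all a digest
# mismatch looks like from the receiving side.
decrypt_msg() {
  printf '%s' "$2" | openssl enc -d -aes-256-cbc -a -A -md "$1" -pass file:"$PASSFILE" 2>/dev/null
}

# roundtrip <enc_digest> <dec_digest> <plaintext>: "ok" when the receiver gets the
# original text back, "mismatch" otherwise.
roundtrip() {
  local ct pt
  ct="$(encrypt_msg "$1" "$3")" || return 1
  pt="$(decrypt_msg "$2" "$ct" || true)"
  if [ "$pt" = "$3" ]; then echo ok; else echo mismatch; fi
}

# ciphertext_magic <base64>: the 8-byte header. Only the salt follows it; the
# digest fed to the key derivation is never stored, hence the need to fix it by hand.
ciphertext_magic() {
  printf '%s' "$1" | openssl base64 -d -A | head -c 8
}

# Usage: roundtrip sha256 sha256 'this is a test'   -> ok
#        roundtrip sha256 md5    'this is a test'   -> mismatch
```

On OpenSSL 1.1.1 and later, add `-pbkdf2 -iter <n>` to both commands as well: the default derivation is a single digest pass over the passphrase and salt, and with -pbkdf2 the digest named by -md becomes the PBKDF2 PRF, so the two sides still have to agree on it. Whether the LibreSSL build on a given macOS accepts -pbkdf2 is not checked here.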