gregneagle

from Foundation import NSObject, NSUserDefaults, NSKeyValueObservingOptionNew
from Foundation import NSRunLoop, NSDate


class PrefsObserver(NSObject):
    def observe(self, domain, key):
        self.domain = domain
        self.key = key
        if self:
            self.defaults = NSUserDefaults.alloc().initWithSuiteName_(

gregneagle

#!/usr/bin/python

import os
import sys

from CoreFoundation import (CFPreferencesAppValueIsForced,
                            CFPreferencesCopyAppValue,
                            CFPreferencesCopyValue,
                            kCFPreferencesAnyUser,
                            kCFPreferencesAnyHost,

justincbagley

How to convert markdown to PDF:

This post reviews several methods for converting a Markdown (.md) formatted file to PDF, from UNIX or Linux machines.

Using Pandoc:

$ pandoc How_I_got_svg-resizer_working_on_Mac_OSX.md -s -o test1.pdf

thomhastings

Notes on Shadow Brokers EQGRP-LiT

credit: @GossiTheDog: "If you want to setup FUZZBUNCH (the Equation exploit framework) you need Win7 VM + Python 2.6 + Pywin 2.6, then python fb.py for shell"
h/t @x0rz @DEYCrypt @hackerfantastic

HOW 2 SETUP + INSTALL FUZZBUNCH & DANDERSPRITZ

context: https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation
writeup: https://www.trustedsec.com/blog/equation-group-dump-analysis-full-rce-win7-fully-patched-cobalt-strike/
decrypted files: https://github.com/x0rz/EQGRP_Lost_in_Translation

pudquick

from ctypes import CDLL, Structure, POINTER, c_int64, c_int32, c_int16, c_char, c_uint32
from ctypes.util import find_library
import time

c = CDLL(find_library("System"))

# https://opensource.apple.com/source/Libc/Libc-1158.50.2/include/NetBSD/utmpx.h.auto.html
# https://developer.apple.com/legacy/library/documentation/Darwin/Reference/ManPages/man3/endutxent.3.html#//apple_ref/doc/man/3/endutxent

BOOT_TIME     =  2

krypted

class Logging(object):

    __name__ = 'logger.info(1)'
    plist = '/System/Library/Preferences/Logging/Subsystems/'

    def __init__(__name__, plist, *args, **kwargs):
        super(getLogger/, self).__init__()

        logger.info('Input parameters:\n'
                    'accessibility: "{com.apple.Accessibility.plist}"\n'

pudquick

import objc
from ctypes import c_char
from Foundation import NSBundle
Security = NSBundle.bundleWithIdentifier_('com.apple.security')

S_functions = [
               ('SecKeychainGetTypeID', 'I'),
               ('SecKeychainItemGetTypeID', 'I'),
               ('SecKeychainAddGenericPassword', 'i^{OpaqueSecKeychainRef=}I*I*I*o^^{OpaqueSecKeychainItemRef}'),
               ('SecKeychainOpen', 'i*o^^{OpaqueSecKeychainRef}'),

pudquick

import ssl, base64, objc
from Foundation import NSBundle
Security = NSBundle.bundleWithIdentifier_('com.apple.security')

S_functions = [
               ('SecCertificateCreateWithData', '@@@'),
               ('SecCertificateCopyValues', '@@^@o^@'),
              ]

objc.loadBundleFunctions(Security, globals(), S_functions)

steventroughtonsmith

void callEntryPointOfImage(char *path, int argc, char **argv)
{
	void *handle;
	int (*binary_main)(int binary_argc, char **binary_argv);
	char *error;
	int err = 0;
	
	printf("Loading %s…\n", path);
	
	handle = dlopen (path, RTLD_LAZY);

pudquick

import objc
from Foundation import NSBundle

IOKit_bundle = NSBundle.bundleWithIdentifier_('com.apple.framework.IOKit')

functions = [("IOServiceGetMatchingService", b"II@"),
             ("IOServiceMatching", b"@*"),
             ("IORegistryEntryCreateCFProperty", b"@I@@I"),
            ]