dothanthitiendiettiende
dothanthitiendiettiende
/ EndpointSecurityDemo.m
Created
May 27, 2022 07:07
— forked from Omar-Ikram/EndpointSecurityDemo.m
A demo of using Apple's EndpointSecurity framework - tested on macOS Monterey 12.2.1 (21D62)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // | |
| // main.m | |
| // EndpointSecurityDemo | |
| // | |
| // Created by Omar Ikram on 17/06/2019 - macOS Catalina 10.15 Beta 1 (19A471t) | |
| // Updated by Omar Ikram on 15/08/2019 - macOS Catalina 10.15 Beta 5 (19A526h) | |
| // Updated by Omar Ikram on 01/12/2019 - macOS Catalina 10.15 (19A583) | |
| // Updated by Omar Ikram on 31/01/2021 - macOS Big Sur 11.1 (20C69) | |
| // Updated by Omar Ikram on 07/05/2021 - macOS Big Sur 11.3.1 (20E241) | |
| // Updated by Omar Ikram on 04/07/2021 - macOS Monterey 12 Beta 2 (21A5268h) |
dothanthitiendiettiende
/ index.html
Created
April 20, 2022 06:44
— forked from hkraw/index.html
GoogleCtf 2021 fullchain
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <head> | |
| <title>google-ctf fullchain</title> | |
| </head> | |
| <body> | |
| <h1>HK</h1> | |
| <pre id='log'></pre> | |
| </body> | |
| <script src='./mojo/mojo_bindings.js'></script> | |
| <script src="./mojo/third_party/blink/public/mojom/blob/blob_registry.mojom.js"></script> |
dothanthitiendiettiende
/ CVE-2021-21224.html
Created
March 22, 2022 06:32
— forked from wdormann/CVE-2021-21224.html
Sample ARM64 PoC for CVE-2021-21224
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <script> | |
| function gc() { | |
| for (var i = 0; i < 0x80000; ++i) { | |
| var a = new ArrayBuffer(); | |
| } | |
| } | |
| let shellcode = [ | |
| // Move x18 to x28 (TEB) |
dothanthitiendiettiende
/ get_apple_oss.sh
Created
February 9, 2022 03:53
— forked from theevilbit/get_apple_oss.sh
Download All Apple OSS Tarballs from Github
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/zsh | |
| : ' | |
| You need a personal access token for GitHub to avoid hitting the rate limit. Refer to the docs: | |
| https://docs.github.com/en/rest/guides/getting-started-with-the-rest-api | |
| https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token | |
| ' | |
| APPLE_OSS_DIR="all_apple_oss_archives" | |
| APPLE_OSS_REPO_FILE="all_apple_oss_repo_names.txt" |
dothanthitiendiettiende
/ macOS-IR-Forensics.md
Created
August 4, 2021 02:05
— forked from 0xmachos/macOS-IR-Forensics.md
If someone wants to learn MacOS IR/forensics what’s the best resource for that?
dothanthitiendiettiende
/ fairplay_iokit_uc_run_versioned.c
Created
February 3, 2021 07:12
— forked from pwn0rz/fairplay_iokit_uc_run_versioned.c
CVE-2021-1791 Fairplay OOB Read POC
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <IOKit/IOKitLib.h> | |
| #include <mach/mach.h> | |
| #include <stdio.h> | |
| #include <stdint.h> | |
| #include <stdlib.h> | |
| #include <ctype.h> | |
| void hexdump(void *ptr, int buflen) { | |
| unsigned char *buf = (unsigned char*)ptr; | |
| int i, j; |
dothanthitiendiettiende
/ enable-os-x-screen-sharing.sh
Created
February 5, 2020 03:49
— forked from marcelstoer/enable-os-x-screen-sharing.sh
Enable OS X screen sharing from the command line, http://frightanic.com/apple-mac/enable-os-x-screen-sharing-command-line/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| $ ssh <user>@<mac-without-screen> | |
| $ sudo defaults write /var/db/launchd.db/com.apple.launchd/overrides.plist com.apple.screensharing -dict Disabled -bool false | |
| $ sudo launchctl load /System/Library/LaunchDaemons/com.apple.screensharing.plist | |
| /System/Library/LaunchDaemons/com.apple.screensharing.plist: Service is disabled | |
| $ sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.screensharing.plist |
dothanthitiendiettiende
/ inject.c
Created
January 2, 2020 04:12
— forked from knightsc/inject.c
An example of how to inject code to call dlopen and load a dylib into a remote mach task. Tested on 10.13.6 and 10.14.3
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <dlfcn.h> | |
| #include <stdio.h> | |
| #include <unistd.h> | |
| #include <sys/types.h> | |
| #include <mach/mach.h> | |
| #include <mach/error.h> | |
| #include <errno.h> | |
| #include <stdlib.h> | |
| #include <sys/sysctl.h> | |
| #include <sys/mman.h> |
dothanthitiendiettiende
/ launchdaemon_programs_mutable.sql
Created
July 4, 2019 08:49
— forked from keeleysam/launchdaemon_programs_mutable.sql
Sample queries for use with osquery (https://osquery.io/) to find executables which are writable by users other than root for simple root escalations. Presented at Objective by the Sea v2.0 (https://objectivebythesea.com/v2/)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| This query looks at the programs referenced by LaunchDaemons in order to find ones which are writable by non-root users. | |
| Note that it is hard to tell what will actually be executed by launchd in some cases, and may return false positives. Reccomended to be used with process monitoring as well. | |
| */ | |
| select | |
| distinct p.launchd_path as launchd_path, | |
| p.launchd_label as launchd_label, | |
| f.path, |
dothanthitiendiettiende
/ inject_trusts-iOS-v12.1.2-16C104-iPhone11,x.c
Created
February 22, 2019 02:20
— forked from Proteas/inject_trusts-iOS-v12.1.2-16C104-iPhone11,x.c
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| void inject_trusts(int pathc, const char *paths[]) | |
| { | |
| printf("[+] injecting into trust cache...\n"); | |
| extern uint64_t g_kern_base; | |
| static uint64_t tc = 0; | |
| if (tc == 0) { | |
| // loaded_trust_caches: 0xFFFFFFF008F702C8 | |
| tc = g_kern_base + (0xFFFFFFF008F702C8 - 0xFFFFFFF007004000); |
NewerOlder