kim4apple kim4apple
kim4apple
/ amfid_patch.py
Created
May 5, 2023 18:05
— forked from pvieito/amfid_patch.py
This script can patch macOS 10.12.2 amfid daemon on memory to allow arbitrary entitlements in Developer ID signed binaries.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python3 | |
| '''amfid_patch.py - Pedro José Pereira Vieito © 2016 | |
| This script can patch macOS 10.12.2 amfid daemon on memory | |
| to allow arbitrary entitlements in Developer ID signed binaries. | |
| Killing amfid will make the patch disapear: | |
| $ sudo kill -9 `pgrep amfid` | |
| You must run the script as a root (sudo) and with SIP disabled. | |
kim4apple
/ Revisiting Mac OS X Kernel Rootkits
Created
November 2, 2022 16:02
— forked from alexprivalov/Revisiting Mac OS X Kernel Rootkits
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Title : Revisiting Mac OS X Kernel Rootkits | |
| Author : fG! | |
| Date : April 18, 2014 | |
| |=----------------------------------------------------------------------------=| | |
| |=----------------=[ Revisiting Mac OS X Kernel Rootkits ]=-------------------=| | |
| |=----------------------------------------------------------------------------=| | |
| |=------------------------=[ fG! <[email protected]> ]=---------------------------=| | |
| |=----------------------------------------------------------------------------=| |
kim4apple
/ EndpointSecurityDemo.m
Created
July 9, 2020 03:09
— forked from Omar-Ikram/EndpointSecurityDemo.m
A demo of using Apple's new EndpointSecurity framework - tested on macOS Catalina 10.15 (19A583)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // | |
| // main.m | |
| // EndpointSecurityDemo | |
| // | |
| // Created by Omar Ikram on 17/06/2019 - Catalina 10.15 Beta 1 (19A471t) | |
| // Updated by Omar Ikram on 15/08/2019 - Catalina 10.15 Beta 5 (19A526h) | |
| // Updated by Omar Ikram on 01/12/2019 - Catalina 10.15 (19A583) | |
| // | |
| #import <Foundation/Foundation.h> |
kim4apple
/ SystemIdleTime.m
Created
March 25, 2020 14:36
— forked from darrarski/SystemIdleTime.m
Get Mac OS X system idle time in Swift or Objective-C
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // | |
| // Created by Dariusz Rybicki on 17/04/16. | |
| // Copyright © 2016 Darrarski. All rights reserved. | |
| // | |
| #import <Foundation/Foundation.h> | |
| /** | |
| Returns number of seconds since system became idle | |
kim4apple
/ gist:34daa6a0a311e35a1ff3f609b2749bdb
Created
September 25, 2019 03:21
pfctl cheat sheet
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # basic pfctl control | |
| # == | |
| # Related: http://www.OpenBSD.org | |
| # Last update: Tue Dec 28, 2004 | |
| # == | |
| # Note: | |
| # this document is only provided as a basic overview | |
| # for some common pfctl commands and is by no means | |
| # a replacement for the pfctl and pf manual pages. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Even though device management is disabled in Server.app, | |
| # the processes still run. Which the only issue with this is | |
| # it causes extremely slow shutdown times. So here we disable this shit | |
| sudo launchctl stop com.apple.DeviceManagement.postgres; | |
| sudo launchctl remove com.apple.DeviceManagement.postgres; | |
| sudo launchctl unload -w /Applications/Server.app/Contents/ServerRoot/System/Library/LaunchDaemons/com.apple.DeviceManagement.postgres.plist | |
| # Same goes for calendar server | |
| sudo launchctl stop org.calendarserver.agent; |
kim4apple
/ gist:99ddb8d5cdba1716bd1909a7afd277fe
Created
April 21, 2019 10:06
— forked from rtrouton/gist:4ff699b3f7660ae06a13
Software Update keys in Yosemite's /Library/Preferences/com.apple.SoftwareUpdate.plist
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Automatically check for updates: | |
| Enable: sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate AutomaticCheckEnabled -bool TRUE | |
| Disable: sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate AutomaticCheckEnabled -bool FALSE | |
| Download newly available updates in the background: | |
| Enable: sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate AutomaticDownload -bool TRUE | |
| Disable: sudo defaults write /Library/Preferences/com.apple.SoftwareUpdate AutomaticDownload -bool FALSE |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #import <libproc.h> | |
| #import <sys/proc_info.h> | |
| @interface ProcessUtil : NSObject | |
| + (NSArray <NSNumber *> *)loadProcessIds; | |
| + (NSString *)pathWithPid:(int)pid; | |
| @end | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| - (NSString *)_commandFromPid:(int)pid { | |
| int mib[3], argmax, nargs, c = 0; | |
| size_t size; | |
| char *procargs, *sp, *np, *cp; | |
| mib[0] = CTL_KERN; | |
| mib[1] = KERN_ARGMAX; | |
| size = sizeof(argmax); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| - (NSString *)_commandFromPid:(int)pid { | |
| int mib[3], argmax, nargs, c = 0; | |
| size_t size; | |
| char *procargs, *sp, *np, *cp; | |
| mib[0] = CTL_KERN; | |
| mib[1] = KERN_ARGMAX; | |
| size = sizeof(argmax); |
NewerOlder