A collection of OSX/iOS security related resources
News
Mac Virus
- Frequently updated blog that provides a good summary of the latest unique mac malware.
Intego Mac Security Blog
- Intego's corporate Mac security blog often contains recent and in-depth analysis of mac malware and other security issues
Objective-See
- Objective-See's blog often contains in-depth breakdowns of malware they've reverse engineered and vulnerabilities they've discovered.
The Safe Mac
- Resource to help educate Mac users about security issues. Contains historical as well as timely security updates.
Mac Security
- Another Mac security blog. This often includes more in-depth analysis of specific threats.
OSX Daily
- Not strictly security-specific but it contains jailbreaking information which has security implications
Hardening
Launchd
- Everything you need to know about the launchd service
OSX startup sequence
- Step-by-step guide to the startup process
Google OSX hardening
- Google's system hardening guide
Run any command in a sandbox
- How-to for using OSX's sandbox system
OSX El Capitan Hardening Guide
- Hardening guide for El Capitan
OSX application hardening scorecard
- Useful checklist for hardening systems
Hardening hardware and choosing a good BIOS
- Protecting your hardware from "evil maid" attacks
Malware sample sources
Objective-See
- Curated list of malware samples. Use this list if you're looking for interesting samples to reverse engineer
Manwe Mac malware feed
- Regularly updated fresh mac malware feed
Alien Vault
Contagio malware dump
Digital Forensics / Incident Response (DFIR)
Artefacts for Mac OSX
- Locations of sensitive files
Pac4Mac
- Forensics framework
Inception
- Physical memory manipulation
Volafox
- Memory analysis toolkit
Mac4n6
- Collection of OSX and iOS artifacts
Keychain analysis with Mac OSX Forensics
OSX Collector
- Forensics utility developed by Yelp
OSX incident response
- Slides on OSX incident response at GitHub
iOS Instrumentation without jailbreaking
- How to debug an iOS application that you didn't create
Certo
- Paid service for analyzing the iTunes backup of your iOS device
Blackbag Tech free tools
OSX (Mac) Memory Acquisition and Analysis Using OSXpmem and Volatility
mac-apt
- Mac Artifact Parsing Tool for processing full disk images and extracting useful information
- The author also has a collection of DFIR scripts
Reverse engineering
New OS X Book
- Frequently updated book on OSX internals
Collection of OSX reverse engineering resources
- Another Awesome-style list dedicated to OSX reverse engineering resources
The iPhone Wiki
Reverse engineering OSX
OSX crackmes
- A collection of puzzles to test your reverse engineering skills
Introduction to Reverse Engineering Cocoa Applications
- Walkthrough for reverse engineering Cocoa applications
iOS Kernel source
- Source code for iOS kernel
Reverse Engineering Challenges
- Very good list of various crackme challenges that is categorized by level and OS
Awesome Reversing
- Awesome list dedicated to reversing
Presentations and Papers
Writing Bad @$$ Malware for OSX
Methods of Malware Persistence on OSX
Advanced Mac OSX Rootkits
The Python Bytes Your Apple
- Fuzzing and exploiting OSX kernel bugs
Breaking iOS Code Signing
The Apple Sandbox - 5 years later
Practical iOS App Hacking
Behavioral Detection and Prevention of Malware on OS X
Security on OSX and iOS
Thunderstrike
- Video on hacking the Mac's Extensible Firmware Interface (EFI)
Direct Memory Attack the Kernel
Don't trust your eye, Apple graphics is compromised
- Security flaws in IOKit's graphics acceleration that lead to exploitation from the browser
Fuzzing and Exploiting OSX Vulnerabilities for Fun and Profit Complementary Active & Passive Fuzzing
Strolling into Ring-0 via I/O Kit Drivers
Juice Jacking
Attacking OSX for fun and profit: tool set limitations, frustration and table flipping (Dan Tentler)
Building an EmPyre with Python
PoisonTap
Storing our Digital Lives - Mac Filesystems from MFS to APFS
Collection of mac4n6 papers/presentations
The Underground Economy of Apple ID
iOS of Sauron: How iOS Tracks Everything You Do
macOS/iOS Kernel Debugging and Heap Feng Shui
Billy Ellis iOS/OSX hacking YouTube channel
A Technical Autopsy of the Apple - FBI Debate using iPhone forensics | SANS DFIR Webcast
Jailbreaking Apple Watch at DEFCON-25
SandScout: Automatic Detection of Flaws in iOS Sandbox Profiles
- An exploration of iOS sandbox protection policies
- Presentation
Virus and exploit writeups
Meltdown
- CPU flaw allowing kernel memory to be accessed by hijacking speculative execution
- Proof of concept
- Apple's statement
- Measuring OSX meltdown patches performance
- iPhone performance after Spectre patch
Why gets your root
- An Apple update introduced a bug where a blank password was set for root, allowing attackers to easily gain root access
Flashback
Flashback pt 2
iWorm
Thunderbolt
- Firmware bootkit
Malware in firmware: how to exploit a false sense of security
- A post on the resurgence of bootkits and how to defend against them
Proton RAT
- Exploration of a Remote Access Toolkit
Mokes
MacKeeper
OpinionSpy
Elanor
Mac Defender
Wire Lurker
KeRanger
- First OSX ransomware
Proof-of-concept USB attack
Dark Jedi
Sentinel One write-up
- EFI attack that exploits a vulnerability in the suspend-resume cycle
XAgent Mac Malware Used In APT-28
Juice Jacking
Root a Mac with a Rubber Ducky
Hacking Mac with Empyre
Local Privilege Escalation for macOS 10.12.2 and XNU port Feng Shui
Ian Beer, Google Project Zero: "A deep-dive into the many flavors of IPC available on OS X."
- Deep dive into the interprocess communication and its design flaws
PEGASUS iOS Kernel Vulnerability Explained
Analysis of iOS.GuiInject Adware Library
Broadpwn
- Gaining access through the wireless subsystem
Reverse Engineering and Abusing Apple Call Relay Protocol
- Details the discovery of a vulnerability in Apple's Call handoff between mobile and desktop through analyzing network traffic.
Exploiting the Wifi Stack on Apple Devices
- Google's Project Zero series of articles that detail vulnerabilities in the wireless stack used by Apple devices
- Over The Air: Exploiting Broadcom’s Wi-Fi Stack (Part 1)
- Over The Air: Exploiting Broadcom’s Wi-Fi Stack (Part 2)
- Over The Air - Vol. 2, Pt. 1: Exploiting The Wi-Fi Stack on Apple Devices
- Over The Air - Vol. 2, Pt. 2: Exploiting The Wi-Fi Stack on Apple Devices
- Over The Air - Vol. 2, Pt. 3: Exploiting The Wi-Fi Stack on Apple Devices
ChaiOS bug
Useful tools and guides
jrswizzle
- Objective-C method swizzling (method implementation exchange) library
MacDBG
- C and Python debugging framework for OSX
bitcode_retriever
- store and retrieve bitcode from Mach-O binary
machotools
- retrieve and change information about mach-o files
onyx-the-black-cat
- kernel module for OSX to defeat anti-debugging protection
create-dmg
- CLI utility for creating and modifying DMG files
dmg2iso
- convert dmg to iso
Infosec Homebrew
- Homebrew tap for security-related utilities
Awesome OSX Command Line
- Collection of really useful shell commands
Keychain dump
- Dump keychain credentials
KnockKnock
- Listing startup items. Also includes VirusTotal information
Lingon-X
- GUI for launchd
Hopper
- Excellent OSX debugger (requires license)
Symhash
- Python utility for generating imphash fingerprints for OSX binaries
KisMac2
- Wireless scanning and packet capturing
Passive fuzz framework
- Framework for fuzzing OSX kernel vulnerabilities, based on a passive inline hook mechanism in kernel mode
Platypus
- GUI for generating .app bundles
createOSXinstallPkg
- CLI for generating .pkg installers
PoisonTap
Chipsec
- System firmware checker by Intel
Revisiting Mac OS X Kernel Rootkits by Phrack Magazine
- A collection of OSX rootkit ideas
iPhone Data Protection in Depth
Cycript
- Remote control library for fuzz testing iOS apps
ChaoticMarch
- Blackbox fuzz testing for iOS apps (requires jailbreak)
iOS backup decrypt script
- Contains a script for decrypting an encrypted iOS backup archive