Pinned Repositories
Custom_URL_Scheme
Tool to create a template to abuse Custom URL Schemes
Dylib-Hijack-Scanner
JavaScript for Automation (JXA) version of Patrick Wardle's tool that searches applications for dylib hijacking opportunities
Go4aRun
Shellcode runner in Go that incorporates shellcode encryption, remote process injection, block DLLs, and spoofed parent process
InjectCheck
InSync
Finder Plugin Persistence
LaunchAgentPersistence
Persistence using Launch Agents for OSX in JXA
Mystikal
macOS Initial Access Payload Generator
PersistentJXA
Collection of macOS persistence methods and miscellaneous tools in JXA
security
Notes and Commands for CTFs
D00MFist's Repositories
D00MFist/Mystikal
macOS Initial Access Payload Generator
D00MFist/PersistentJXA
Collection of macOS persistence methods and miscellaneous tools in JXA
D00MFist/Go4aRun
Shellcode runner in Go that incorporates shellcode encryption, remote process injection, block DLLs, and spoofed parent process
D00MFist/Dylib-Hijack-Scanner
JavaScript for Automation (JXA) version of Patrick Wardle's tool that searches applications for dylib hijacking opportunities
D00MFist/security
Notes and Commands for CTFs
D00MFist/InSync
Finder Plugin Persistence
D00MFist/Custom_URL_Scheme
Tool to create a template to abuse Custom URL Schemes
D00MFist/InjectCheck
D00MFist/LaunchAgentPersistence
Persistence using Launch Agents for OSX in JXA
D00MFist/CVE-2019-8656
CVE-2019-8656 Gatekeeper Bypass
D00MFist/docker-elk
The Elastic stack (ELK) powered by Docker and Compose.
D00MFist/apfell
JavaScript for Automation (JXA) macOS agent
D00MFist/FuzzyThread
Playing with SharpSploit Injection
D00MFist/HELK
The Hunting ELK
D00MFist/MacOSX-SDKs
A collection of SDK folders
D00MFist/Misc-Powershell-Scripts
Random Tools
D00MFist/Mythic
A collaborative, multi-platform, red teaming framework
D00MFist/thanatos
Mythic C2 agent targeting Linux and Windows hosts written in Rust
D00MFist/ChromeCookieDecryptor
Decrypt cookie values in the Chrome SQLite DB on Mac OS X, using OpenSSL
D00MFist/ChromeKatz
Dump cookies and credentials directly from Chrome/Edge process memory
D00MFist/dynamichttp
D00MFist/electroniz3r
Take over macOS Electron apps' TCC permissions
D00MFist/HealthInspector
JXA situational awareness helper by simply reading specific files on a filesystem
D00MFist/hermes
Swift 5 macOS agent
D00MFist/LOOBins
Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in macOS binaries and how they can be used by threat actors for malicious purposes.
D00MFist/macos-loginitems
A library to parse macOS LoginItems
D00MFist/poseidon
D00MFist/presentations
SpecterOps Presentations
D00MFist/PVPSound
PVPSound
D00MFist/WebView2-Cookie-Stealer