A collection of OSX/iOS security-related resources
- The Safe Mac
- Mac Virus
- Mac Security
- OSX Daily - Not security-specific, but it contains jailbreaking information which has security implications
- Intego Mac Security Blog
- Launchd - Everything you need to know about launchd
- OSX startup sequence
- Google OSX hardening
- Run any command in a sandbox
- OSX El Capitan Hardening Guide
- Hipster DFIR on OSX
- OSX application hardening scorecard
- Hardening hardware and choosing a good BIOS - Protecting against evil maid attacks
- Alien Vault
- Objective-See
- Contagio malware dump
- Manwe Mac malware feed - Regularly updated fresh mac malware feed
- exploit-db.com - Great place to look for local and remote exploits
- Artefacts for Mac OSX - Locations of sensitive files
- Pac4Mac - Forensics framework
- Inception - Physical memory manipulation
- Volafox - Memory analysis toolkit
- Mac4n6 - Collection of OSX and iOS artifacts
- Keychain analysis with Mac OSX Forensics
- OSX Collector - Forensics utility developed by Yelp
- OSX incident response - OSX incident response at GitHub
- iOS Instrumentation without jailbreaking - How to debug an iOS application that you didn't create
- Certo - Paid service for analyzing the iTunes backup of your iOS device
- Blackbag Tech free tools
- OSX (Mac) Memory Acquisition and Analysis Using OSXpmem and Volatility
- New OS X Book
- Collection of OSX reverse engineering resources
- The iPhone Wiki
- Reverse engineering OSX
- OSX crackmes - A collection of puzzles to test your reverse engineering skills
- Solving crackmes with LDPRELOAD
- Introduction to Reverse Engineering Cocoa Applications
- Writing Bad @$$ Malware for OSX - Video and another related video
- Methods of Malware Persistence on OSX
- Hack Mac OSX
- Advanced Mac OSX Rootkits
- The Python Bytes Your Apple - Fuzzing and exploiting OSX kernel bugs
- Breaking iOS Code Signing
- The Apple Sandbox - 5 years later
- Practical iOS App Hacking
- Behavioral Detection and Prevention of Malware on OS X
- Security on OSX and iOS - Slides
- Thunderstrike - Video, hacking Mac's extensible firmware interface (EFI)
- Direct Memory Attack the Kernel
- Don't trust your eye, Apple graphics is compromised, security flaws in IOKit's graphics acceleration that lead to exploitation from the browser
- Fuzzing and Exploiting OSX Vulnerabilities for Fun and Profit Complementary Active & Passive Fuzzing
- Strolling into Ring-0 via I/O Kit Drivers
- Juice Jacking
- Attacking OSX for fun and profit: tool set limitations, frustration and table flipping (Dan Tentler) - Follow-up from target
- Building an EmPyre with Python
- PoisonTap
- Storing our Digital Lives - Mac Filesystems from MFS to APFS
- Collection of mac4en6 papers/presentations
- The Underground Economy of Apple ID
- iOS of Sauron: How iOS Tracks Everything You Do
- Flashback - Detailed analysis
- Flashback pt 2
- iWorm - Detailed analysis
- Thunderbolt - Firmware bootkit
- Mokes
- MacKeeper
- OpinionSpy
- Eleanor
- Mac Defender
- Wire Lurker
- KeRanger - First OSX ransomware
- Proof-of-concept USB attack
- Dark Jedi - EFI attack that exploits a vulnerability in the suspend-resume cycle; Sentinel One write-up
- XAgent Mac Malware Used In APT-28 - Samples
- Juice Jacking
- Root a Mac with a Rubber Ducky
- Hacking Mac with Empyre
- Local Privilege Escalation for macOS 10.12.2 and XNU port Feng Shui
- Ian Beer, Google Project Zero: "A deep-dive into the many flavors of IPC available on OS X."
- PEGASUS iOS Kernel Vulnerability Explained
- Analysis of iOS.GuiInject Adware Library
- jrswizzle - method interface exchange
- MacDBG - C and Python debugging framework for OSX
- bitcode_retriever - store and retrieve bitcode from Mach-O binary
- machotools - retrieve and change information about mach-o files
- onyx-the-black-cat - kernel module for OSX to defeat anti-debugging protection
- create-dmg - CLI utility for creating and modifying DMG files
- dmg2iso - convert dmg to iso
- Infosec Homebrew - Homebrew tap for security-related utilities
- Awesome OSX Command Line - Collection of really useful shell commands
- Keychain dump - Dump keychain credentials
- KnockKnock - Listing startup items. Also includes VirusTotal information
- Lingon-X - GUI for launchd
- Hopper - Excellent OSX debugger (requires license)
- Symhash - Python utility for generating imphash fingerprints for OSX binaries
- KisMac2 - Wireless scanning and packet capturing
- Passive fuzz framework - Framework for fuzzing OSX kernel vulnerabilities, based on a passive inline hook mechanism in kernel mode
- Platypus - GUI for generating .app bundles
- createOSXinstallPkg - CLI for generating .pkg installers
- PoisonTap
- Chipsec - System firmware checker by Intel