cedowens

offensive security engineer

Pinned Repositories

C2-JARM
A list of JARM hashes for different ssl implementations used by some C2/red team tools.
136 14 116
EntitlementCheck
Scripts (python3 and Swift) for macOS to recursively check /Applications and also check /usr/local/bin, /usr/bin, and /usr/sbin for binaries with problematic/interesting entitlements. Also checks for hardened runtime enablement
Language:Swift91 3 29
Inject_Dylib
Swift code to programmatically perform dylib injection
Language:Swift49 4 08
MacShellSwift
Proof of concept MacOS post exploitation tool written in Swift. Designed as a POC for blue teams to build macOS detections. Author: Cedric Owens
Language:Swift114 10 126
Mod_Rewrite_Automation
Scripts to automate standing up apache2 with mod_rewrite in front of C2 servers.
Language:Shell46 4 09
Mythic-Macro-Generator
Python3 script to generate a macro to launch a Mythic payload. Author: Cedric Owens
Language:Python44 5 09
Persistent-Swift
A Swift port of some of the original PersistentJXA projects by D00MFist. Original PersistentJXA repo: https://github.com/D00MFist/PersistentJXA
Language:Swift30 3 04
Swift-Attack
Unit tests for blue teams to aid with building detections for some common macOS post exploitation methods.
Language:Swift104 8 08
SwiftBelt
A macOS enumeration tool inspired by harmjoy's Windows-based Seatbelt enumeration tool. Author: Cedric Owens
Language:Swift316 15 336
SwiftBelt-JXA
JXA implementation of some SwiftBelt functions. Author: Cedric Owens
Language:JavaScript42 5 06

cedowens's Repositories

cedowens/SwiftBelt
A macOS enumeration tool inspired by harmjoy's Windows-based Seatbelt enumeration tool. Author: Cedric Owens
Language:Swift316 15 336
cedowens/C2-JARM
A list of JARM hashes for different ssl implementations used by some C2/red team tools.
136 14 116
cedowens/Swift-Attack
Unit tests for blue teams to aid with building detections for some common macOS post exploitation methods.
Language:Swift104 8 08
cedowens/EntitlementCheck
Scripts (python3 and Swift) for macOS to recursively check /Applications and also check /usr/local/bin, /usr/bin, and /usr/sbin for binaries with problematic/interesting entitlements. Also checks for hardened runtime enablement
Language:Swift91 3 29
cedowens/Inject_Dylib
Swift code to programmatically perform dylib injection
Language:Swift49 4 08
cedowens/SwiftBelt-JXA
JXA implementation of some SwiftBelt functions. Author: Cedric Owens
Language:JavaScript42 5 06
cedowens/Spotlight-Enum-Kit
JXA and swift code that can perform some macOS situational awareness without generating TCC prompts.
Language:Swift37 4 12
cedowens/Presentations
Collection of Slides From My Conference Talks
20 3 03
cedowens/docker-arsenal
Spins up a docker container with several useful tools for offensive security in macOS/cloud environments. Also installs the needed dependencies for each tool/utility during docker setup.
Language:Dockerfile16 3 01
cedowens/Dylib_Runner
Swift code to run a dylib on disk
Language:Swift15 2 02
cedowens/Helpful_aws-scripts
python3 scripts to help with aws triage needs
Language:Python15 3 01
cedowens/Gitlab-Searcher
python3 script that pulls gitlab data of interest using a gitlab personal access token
Language:Python12 1 01
cedowens/HELK-automation
Scripts to automate HELK server standup in Digital Ocean and filebeat on macOS to help automation of sending endpoint security logs from macOS hosts into HELK for building detections content
Language:Shell11 3 01
cedowens/ioreg-and-sysctl-examples
Examples of programmatically interacting with ioreg and sysctl to query system info
Language:Swift9 3 01
cedowens/GoBelt
Golang programmatically invoking my SwiftBelt-JXA macOS system enumerator project (Golang running SwiftBelt-JXA via cgo)
Language:Go8
cedowens/JXA-Firefox
JXA Scripts for extracting data from Firefox
Language:JavaScript72
cedowens/zshrc-persist-JXA
JXA script to add a macho binary to ~/.zshrc for persistence
Language:JavaScript7 3 01
cedowens/LocalAdminChecker
Threaded C# code that uses wmic to quickly check a host's /24 subnet for other hosts the current user has local admin access to. Author: Cedric Owens
Language:C#6 1 02
cedowens/okta-sprayer
Python3 Script to perform a password spray against an okta instance
Language:Python5 2 05
cedowens/chromedp-remotedebugger-example
An example of how to use chromedp to run Chrome headless with the remote debugger port programmatically (is still a wrapper around the Chrome binary)
Language:Go4 1 0
cedowens/dns-TXT-exfil-test
Simple client/server in golang to help with testing data exfil detections over DNS TXT records
Language:Go4 1 02
cedowens/dns-exfil-test
Language:Go3 3 02
cedowens/JenkinsHunter
python3 script that searches a network range for instances of unauthenticated Jenkins hosts. Author: Cedric Owens
Language:Python3 1 03
cedowens/LOOBins
Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in macOS binaries and how they can be used by threat actors for malicious purposes.
Language:Python3 0 0
cedowens/modified-tcc-clickjack
modified version of Ron Masas's TCC-Clickjack Swift project
Language:Swift2 1 02
cedowens/Modlishka
Modlishka. Reverse Proxy.
Language:Go2 2 0
cedowens/DGA-test
simple code to help with DGA nxdomain response testing
Language:Go1 1 02
cedowens/ForgeArmory
ForgeArmory provides TTPs that can be used with the TTPForge (https://github.com/facebookincubator/ttpforge).
Language:Swift1 0 0
cedowens/http-uri-test
Language:Go1 1 11
cedowens/objc_rust
Simple example of running JXA code from rust
Language:Objective-C0 0