Pinned Repositories
bifrost
Objective-C library and console to interact with Heimdal APIs for macOS Kerberos
dylibHijackScanner
Objective-C dylibHijackScanner and analysis tool
HealthInspector
JXA situational awareness helper that works by simply reading specific files on a filesystem
KeytabParser
Python script to parse Keytab files for macOS or *nix (typically /etc/krb5.keytab)
LockSmith
Objective-C CLI tool for interacting with macOS Keychain
macos_execute_from_memory
PoC of Mach-O loading from memory
Mythic
A collaborative, multi-platform, red teaming framework
offensive_macos
Tracking of offensive macOS tooling, blogs, and related helpful information
Orchard
JavaScript for Automation (JXA) tool to do Active Directory enumeration.
its-a-feature's Repositories
its-a-feature/Mythic
A collaborative, multi-platform, red teaming framework
its-a-feature/offensive_macos
Tracking of offensive macOS tooling, blogs, and related helpful information
its-a-feature/bifrost
Objective-C library and console to interact with Heimdal APIs for macOS Kerberos
its-a-feature/Orchard
JavaScript for Automation (JXA) tool to do Active Directory enumeration.
its-a-feature/LockSmith
Objective-C CLI tool for interacting with macOS Keychain
its-a-feature/HealthInspector
JXA situational awareness helper that works by simply reading specific files on a filesystem
its-a-feature/macos_execute_from_memory
PoC of Mach-O loading from memory
its-a-feature/KeytabParser
Python script to parse Keytab files for macOS or *nix (typically /etc/krb5.keytab)
its-a-feature/dylibHijackScanner
Objective-C dylibHijackScanner and analysis tool
its-a-feature/loginItemManipulator
its-a-feature/macos-popups
Catalog Red Team techniques that cause popups in various macOS versions
its-a-feature/macOSCameraCapture
Simple CLI utility to save off an image from every webcam hooked into a mac
its-a-feature/CursedChrome
Chrome-extension implant that turns victim Chrome browsers into fully-functional HTTP proxies, allowing you to browse sites as your victims.
its-a-feature/smbdoor
Windows kernel backdoor via registering a malicious SMB handler
its-a-feature/website
Personal blog on security
its-a-feature/overview
Overview stats for its-a-feature repositories
its-a-feature/TCC-ClickJacking
A proof of concept for a clickjacking attack on macOS.
its-a-feature/chronology
SpecterOps Historical Records
its-a-feature/electroniz3r
Take over macOS Electron apps' TCC permissions
its-a-feature/JXA_Proc_Tree
A JXA script for enumerating running processes, printed out as a JSON parent-child tree.
its-a-feature/KnockKnock
Enumerate persistently installed software
its-a-feature/Mystikal
macOS Initial Access Payload Generator
its-a-feature/PoshC2
A proxy aware C2 framework used to aid red teamers with post-exploitation and lateral movement.
its-a-feature/PrintTCCdb
JXA script for Mythic that prints the TCC.db
its-a-feature/SwiftInMemoryLoading
Swift implementation of in-memory Mach-O loading on macOS
its-a-feature/cobalt_sync
Standalone Cobalt Strike operation logging Aggressor script for Ghostwriter 2.0+
its-a-feature/CSOps
Utility to manipulate code-signed applications in Mac OS X. Demonstrates the use of the csops system call.
its-a-feature/DyldDeNeuralyzer
its-a-feature/macos_shell_memory
Execute MachO binaries in memory using CGo
its-a-feature/tamatoa
If you have any questions, please open an issue.