Skip to content

Instantly share code, notes, and snippets.

np5 /
Last active March 22, 2023 19:36
How to get the Apple computer identifiers
import argparse
import urllib.request
("", "MacBook Air", "LAPTOP"),
("", "MacBook Pro", "LAPTOP"),
("", "Mac mini", "DESKTOP"),
("", "Mac Studio", "DESKTOP"),
("", "iMac", "DESKTOP"),
macshome /
Last active July 10, 2024 16:24
How to defang system protections on macOS

How to Defang macOS System Protections

If you want to change things on the root drive of a Mac you will need to take some steps to disable the built in security of the system. Most of these steps are the same regardless if you are on Intel or Apple Silicon. If there is a difference it is noted.

Note that all of these things put a Mac into an unsupported and less secure state.

Make sure you either perform these steps in a VM or that you reset the protections after you are done poking around

Protections and Terms

(This list is not exahustive on the details of each. Check the links at the end for more info.)

talkingmoose / Speed Dating for Mac
Last active May 5, 2023 19:53
Resources for my Penn State 2022 MacAdmins Campfire presentation on June 2

Speed Dating for Mac Admins

Terminal Login Banner

Last login: Wed Jun  1 23:03:39 on ttys000

                        'c.            Logged in as: bill.smith
                     ,xNMM.            ---------------------------------
byt3bl33d3r /
Created December 10, 2021 06:02
Python script to detect if an HTTP server is potentially vulnerable to the log4j 0day RCE (
#! /usr/bin/env python3
Needs Requests (pip3 install requests)
Author: Marcello Salvati, Twitter: @byt3bl33d3r
License: DWTFUWANTWTL (Do What Ever the Fuck You Want With This License)
This should allow you to detect if something is potentially exploitable to the log4j 0day dropped on December 9th 2021.
drewkerr / get-focus-mode.js
Last active June 30, 2024 19:33
Read the current Focus mode on macOS Monterey (12.0+) using JavaScript for Automation (JXA)
const app = Application.currentApplication()
app.includeStandardAdditions = true
function getJSON(path) {
const fullPath = path.replace(/^~/, app.pathTo('home folder'))
const contents =
return JSON.parse(contents)
function run() {
maxisam /
Created August 9, 2021 16:42 — forked from mohanpedala/
set -e, -u, -o, -x pipefail explanation

set -e, -u, -o, -x pipefail

The set lines

  • These lines deliberately cause your script to fail. Wait, what? Believe me, this is a good thing.
  • With these settings, certain common errors will cause the script to immediately fail, explicitly and loudly. Otherwise, you can get hidden bugs that are discovered only when they blow up in production.
  • set -euxo pipefail is short for:
set -e
set -u
dahoba / ikbc-td108-manual.txt
Created July 5, 2019 03:08
IKBC TD108 Manual
# ⌨️ TD 108 Functions Description
***Light Mode:***
+ Light up
+ Wave
+ Rain drop
+ Aurora
+ Breathing
erikng /
Last active April 19, 2021 22:51
# For mojave only
# In order for this to work, you will need to go to System Preferences in Mojave -> Security & Privacy -> Privacy -> Full Disk Access and grant permissions
import sqlite3
conn = sqlite3.connect('/var/db/SystemPolicyConfiguration/KextPolicy')
c = conn.cursor()
query = 'SELECT * FROM kext_policy'
opragel /
Last active June 10, 2024 06:29
# Seriously there still apparently aren't enough warning labels
# If you don't understand the consequences don't do it
REMOVE_PATHS=( # "/var/db/ConfigurationProfiles/.passcodePolicesAreInstalled"
# "/var/db/ConfigurationProfiles/.cloudConfigHasActivationRecord"
# "/var/db/ConfigurationProfiles/.cloudConfigNoActivationRecord"
# "/var/db/ConfigurationProfiles/.cloudConfigProfileObtained"
# "/var/db/ConfigurationProfiles/.cloudConfigRecordFound"
# "/var/db/ConfigurationProfiles/.profilesAreInstalled"