macshome

How to Defang macOS System Protections

If you want to change things on the root drive of a Mac you will need to take some steps to disable the built in security of the system. Most of these steps are the same regardless if you are on Intel or Apple Silicon. If there is a difference it is noted.

Note that all of these things put a Mac into an unsupported and less secure state.

Make sure you either perform these steps in a VM or that you reset the protections after you are done poking around

Protections and Terms

(This list is not exahustive on the details of each. Check the links at the end for more info.)

pamelafox

// Includes functions for exporting active sheet or all sheets as JSON object (also Python object syntax compatible).
// Tweak the makePrettyJSON_ function to customize what kind of JSON to export.

var FORMAT_ONELINE   = 'One-line';
var FORMAT_MULTILINE = 'Multi-line';
var FORMAT_PRETTY    = 'Pretty';

var LANGUAGE_JS      = 'JavaScript';
var LANGUAGE_PYTHON  = 'Python';

Linerre

• macOS, Zsh, and more
  • Zsh initializations
  • Zsh way of $PATH
  • the special macOS
  • /usr/libexec/path_helper
    • What is it?
    • What does it do?
    • What does it break?
  • Situation explained

• The .*shrc file

dahoba

# ⌨️ TD 108 Functions Description

***Light Mode:***

PRESS FN + F4 
+ Light up
+ Wave
+ Rain drop
+ Aurora
+ Breathing

talkingmoose

#!/bin/bash

<<ABOUT_THIS_SCRIPT
-------------------------------------------------------------------------------

	Written by:William Smith
	Professional Services Engineer
	Jamf
	bill@talkingmoose.net
	https://gist.github.com/2cf20236e665fcd7ec41311d50c89c0e

drewkerr

const app = Application.currentApplication()
app.includeStandardAdditions = true

function getJSON(path) {
	const fullPath = path.replace(/^~/, app.pathTo('home folder'))
	const contents = app.read(fullPath)
	return JSON.parse(contents)
}

function run() {

opragel

#!/bin/bash
# Seriously there still apparently aren't enough warning labels
# If you don't understand the consequences don't do it

REMOVE_PATHS=( # "/var/db/ConfigurationProfiles/.passcodePolicesAreInstalled"
               # "/var/db/ConfigurationProfiles/.cloudConfigHasActivationRecord"
               # "/var/db/ConfigurationProfiles/.cloudConfigNoActivationRecord"
               # "/var/db/ConfigurationProfiles/.cloudConfigProfileObtained"
               # "/var/db/ConfigurationProfiles/.cloudConfigRecordFound"
               # "/var/db/ConfigurationProfiles/.profilesAreInstalled"

sweenzor

#!/usr/bin/env python

import os
import subprocess

# > python subprocessdemote.py
# > sudo python subprocessdemote.py


def check_username():

gregneagle

#!/usr/bin/python

import os
import sys

from CoreFoundation import (CFPreferencesAppValueIsForced,
                            CFPreferencesCopyAppValue,
                            CFPreferencesCopyValue,
                            kCFPreferencesAnyUser,
                            kCFPreferencesAnyHost,

byt3bl33d3r

#! /usr/bin/env python3

'''
    Needs Requests (pip3 install requests)

    Author: Marcello Salvati, Twitter: @byt3bl33d3r
    License: DWTFUWANTWTL (Do What Ever the Fuck You Want With This License)

    
    This should allow you to detect if something is potentially exploitable to the log4j 0day dropped on December 9th 2021.