@hartescout
Last active Jun 14, 2021
macOS Internals, Reversing, and Analysis reference I've found essential.
## In no particular order. I'm pulling these from a bookmark folder, I'll work on labeling as I have time. Hope these help. Will be mixing in Linux reference as well.
Sidenote: the macOS Internals series is amazing, although it might be out of reach for some. However, if you are having a hard time deciding (I definitely was) and it is in budget, in my opinion they are worth the price. I've worked through Volume II and am waiting on Volume III.
As always, most of what we need in our world can be found open sourced and provided by some of the brightest, but it can be a frustrating journey finding material.
https://www.intezer.com/blog/malware-analysis/elf-malware-analysis-101-linux-threats-no-longer-an-afterthought/
http://timetobleed.com/dynamic-linking-elf-vs-mach-o/
https://github.com/apple/darwin-xnu
https://opensource.apple.com/source/xnu/
https://developer.apple.com/library/archive/documentation/Darwin/Conceptual/KernelProgramming/Architecture/Architecture.html
https://blog.paloaltonetworks.com/tag/mac-os-x/
https://github.com/bx/machO-tools
https://reverse.put.as/2019/11/19/how-to-make-lldb-a-real-debugger/
https://www.sentinelone.com/blog/how-to-reverse-macos-malware-part-one/
https://www.sentinelone.com/blog/malware-hunting-macos-practical-guide/
https://objective-see.com/
https://taomm.org/vol1/analysis.html
https://objective-see.com/blog/blog_0x64.html
https://www.soupbowl.io/2020/04/macos-in-virtualbox/#setup-vbox
https://www.starlab.io/blog/the-linux-security-hardening-checklist-for-embedded-systems
https://attack.mitre.org/versions/v9/matrices/enterprise/macos/
https://theevilbit.github.io/posts/getting_started_in_macos_security/
https://opensource.apple.com/
https://developer.apple.com/library/archive/documentation/MacOSX/Conceptual/OSX_Technology_Overview/SystemTechnology/SystemTechnology.html
https://bugs.chromium.org/p/project-zero/issues/list?q=vendor%3DApple&can=1
https://support.apple.com/guide/security/welcome/1/web
https://reverse.put.as/
https://papers.put.as/macosx/macosx/
https://github.com/theevilbit/Shield
https://developer.apple.com/account/#/overview/2NRB6WX7UD
https://cryptpad.fr/drive/#
https://support.apple.com/en-us/HT212325
https://developer.apple.com/documentation/security
https://theevilbit.github.io/posts/
https://developer.apple.com/library/archive/navigation/
https://themittenmac.com/
https://wojciechregula.blog/post/press-5-keys-and-become-root-aka-cve-2021-30655/
https://infocon.org/cons/Black%20Hat/Black%20Hat%20USA/Black%20Hat%20USA%202019/Zombie%20Ant%20Farming%20Practical%20Tips%20for%20Playing%20Hide%20and%20Seek%20with%20Linux%20EDRs.mp4
https://bradleyjkemp.dev/post/launchdaemon-hijacking/
https://secret.club/
https://www.felixcloutier.com/x86/
https://developer.apple.com/documentation/kernel/mach/vm
https://github.com/aidansteele/osx-abi-macho-file-format-reference
https://malwareunicorn.org/workshops/re102.html#7
https://github.com/michalmalik/linux-re-101
https://www.trendmicro.com/en_us/research/21/f/CVE-2021-30724_CVMServer_Vulnerability_in_macOS_and_iOS.html?utm_source=trendmicroresearch&utm_medium=smk&utm_campaign=0621_vulnmac30724
https://vx-underground.org/papers.html
https://github.com/airbnb/binaryalert/tree/master/rules/public/malware/macos