#include <sys/errno.h> | |
#include <sys/types.h> | |
#include <sys/ptrace.h> | |
#include <unistd.h> | |
#include <stdio.h> | |
#include <stdlib.h> | |
#include <sys/wait.h> | |
#include <mach/mach.h> | |
/* |
import plistlib | |
import subprocess | |
import os | |
def main(): | |
output = subprocess.check_output(['find', '/System/Library/Extensions', '-name', '*.kext', '-print']) | |
print('<?xml version="1.0" encoding="UTF-8"?>') | |
print('<graphml xmlns="http://graphml.graphdrawing.org/xmlns">') | |
print(' <graph id="G" edgedefault="undirected">') |
#include <errno.h> | |
#include <stdio.h> | |
#include <stdlib.h> | |
#include <mach/mach.h> | |
/* | |
This allows you to write to /var/db/SystemPolicyConfiguration/ExecPolicy | |
even with SIP on. Basically, before syspolicyd determines whether the values | |
you pass can be checked, it saves them to the ExecPolicy | |
database. |
#import <Foundation/Foundation.h> | |
#import <Security/Security.h> | |
#import <xpc/xpc.h> | |
#include <CoreFoundation/CoreFoundation.h> | |
#include <stdint.h> | |
typedef uint64_t SecAssessmentFlags; | |
enum { | |
kSecAssessmentDefaultFlags = 0, // default behavior | |
#include <dlfcn.h> | |
#include <stdio.h> | |
#include <unistd.h> | |
#include <sys/types.h> | |
#include <mach/mach.h> | |
#include <mach/error.h> | |
#include <errno.h> | |
#include <stdlib.h> | |
#include <sys/sysctl.h> | |
#include <sys/mman.h> |
#include <stdio.h> | |
#include <stdlib.h> | |
#include <sys/stat.h> | |
#include <unistd.h> | |
#include <mach/mach.h> | |
#include <mach/mach_vm.h> | |
#include <dlfcn.h> | |
#include <objc/runtime.h> | |
#include <stdio.h> | |
#include <stdlib.h> | |
#include <libproc.h> | |
#include <mach/mach.h> | |
bool | |
has_modifications(struct task_extmod_info *info) | |
{ | |
if ((info->extmod_statistics.thread_creation_count > 0) || | |
(info->extmod_statistics.thread_set_state_count > 0)) { |
from __future__ import print_function | |
import lldb | |
# This class will single step until the next call assembly instruction | |
# and then print out all the argument registers | |
class Call: | |
def __init__(self, thread_plan, dict): | |
self.thread_plan = thread_plan |
#import <Foundation/Foundation.h> | |
#import <EndpointSecurity/EndpointSecurity.h> | |
#import <os/log.h> | |
#import <bsm/libbsm.h> | |
/* | |
In the beta 1 seed it's not straightforward to create an EndpointSecurity extension. | |
You can use libEndpointSecurity.dylib directly as long as you set the following things: | |
1. Disable SIP |
// | |
// main.m | |
// TeslaClient | |
// | |
// Created by Scott Knight on 6/11/19. | |
// Copyright © 2019 Scott Knight. All rights reserved. | |
// | |
#import <Foundation/Foundation.h> |