Scott Knight knightsc
knightsc
/ execve.log
Created
June 29, 2021 15:27
dtrace log of execve call with all MACF kexts running
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| CPU FUNCTION | |
| 3 -> execve ffffff802b71b320 ffffff802f6e39b8 ffffff802f6e39f8 | |
| 3 -> __mac_execve ffffff802b71b320 ffffff80b1a7be68 ffffff802f6e39f8 | |
| 3 -> kauth_cred_proc_ref ffffff802b71b320 ffffff80b1a7be68 ffffff802f6e39f8 | |
| 3 <- kauth_cred_proc_ref 4f ffffff802ee1bc70 0 | |
| 3 -> __MALLOC 690 50 4 | |
| 3 -> kalloc_canblock ffffff80b1a7bd90 1 ffffff801f07d598 | |
| 3 -> gzalloc_alloc ffffff801f0a5b20 1 0 | |
| 3 <- gzalloc_alloc 5c 0 0 | |
| 3 -> zcache_alloc_from_cpu_cache ffffff801f0a5b20 0 0 |
knightsc
/ ApplicationWhitelist.mobileconfig
Created
June 29, 2021 15:26
macOS example profile to whitelist application which in turn makes use of mcxalr.kext
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> | |
| <plist version="1.0"> | |
| <dict> | |
| <key>PayloadContent</key> | |
| <array> | |
| <dict> | |
| <key>PayloadDisplayName</key> | |
| <string>Parental Controls: Application Access #1</string> | |
| <key>PayloadIdentifier</key> |
knightsc
/ gist:758783181e41a986fceea6901b8853e3
Created
August 20, 2020 13:48
AKNativeAnisetteService.m
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // | |
| // AKNativeAnisetteService.m | |
| // akd | |
| // | |
| // Created by Scott Knight on 5/10/19. | |
| // Copyright © 2019 Scott Knight. All rights reserved. | |
| // | |
| #import <AuthKit/AuthKit.h> | |
| #import "AKNativeAnisetteService.h" |
knightsc
/ XProtect_2121_hashes.txt
Created
May 15, 2020 17:08
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| XProtect_MACOS_51f7dde:27999b460b19fa7a32c2adf9a1b47642f4c7272883785f140683de04ab66db82 | |
| XProtect_MACOS_51f7dde:6771e7b084fbe7fb59fc47129ff946df31dd341b2267aa7f3fa34d51a8419588 | |
| XProtect_MACOS_51f7dde:aa8a4948afe706d1eeb217b6b0564793d1cf3a1914f44a487bd8b23f693e2e4f | |
| XProtect_MACOS_51f7dde:88dbc53ea3f19a234f80979bae2a496c9c71be0c0b9ea001157511ff37f725f7 | |
| XProtect_MACOS_51f7dde:b214427c509bb68c8fa74f392d695c44443ffa8bf41f608de70d6743842dc440 | |
| XProtect_MACOS_51f7dde:e4408c80559b44dacf76400236dc2b094fc7ced8208eb0ae575c0d2299a6e3a4 |
knightsc
/ build-xnu-4903.270.47.sh
Created
April 11, 2020 19:03
A script to build XNU version 4903.241.1 (macOS Mojave 10.14.3).
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /bin/bash | |
| # | |
| # build-xnu-4903.270.47.sh | |
| # Scott Knight | |
| # | |
| # Based on the script by Brandon Azad | |
| # https://gist.github.com/bazad/654959120a423b226dc564073b435453 | |
| # | |
| # A script showing how to build XNU version 4903.270.47 on macOS Mojave | |
| # 10.14.6 with Xcode 10.3 |
knightsc
/ dtrace-338.40.5-PointerLikeTypeTraits.h
Created
April 4, 2020 12:21
PointerLikeTypeTraits.h from dtrace-338.40.5
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //===- llvm/Support/PointerLikeTypeTraits.h - Pointer Traits ----*- C++ -*-===// | |
| // | |
| // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. | |
| // See https://llvm.org/LICENSE.txt for license information. | |
| // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception | |
| // | |
| //===----------------------------------------------------------------------===// | |
| // | |
| // This file defines the PointerLikeTypeTraits class. This allows data | |
| // structures to reason about pointers and other things that are pointer sized. |
knightsc
/ llvmCore-3425.0.36-DataTypes.h
Created
April 4, 2020 12:19
DataTypes.h from llvmCore-3425.0.36
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* include/llvm/Support/DataTypes.h. Generated from DataTypes.h.in by configure. */ | |
| /*===-- include/Support/DataTypes.h - Define fixed size types -----*- C -*-===*\ | |
| |* *| | |
| |* The LLVM Compiler Infrastructure *| | |
| |* *| | |
| |* This file is distributed under the University of Illinois Open Source *| | |
| |* License. See LICENSE.TXT for details. *| | |
| |* *| | |
| |*===----------------------------------------------------------------------===*| | |
| |* *| |
knightsc
/ XProtect_2116_hashes.txt
Created
March 20, 2020 11:09
Hashes matching yara rules from XProtect 2116
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| XProtect_MACOS_c592675:060bd0a09a691faa3067a12fbcde5f451b16bd7315cd238a86c9c8b9a333c477 | |
| XProtect_MACOS_c592675:08c8d9abe018454a183bfb0728a13f636f03fde01d01ab0ef5d4b6d1a4f8b42a | |
| XProtect_MACOS_c592675:3def33ba228d576e67d09b6190fd5f58af469f81a4a705649535d362fd2e3300 | |
| XProtect_MACOS_c592675:89e5969a9afecb010748b085256e1759e633cf002639b4ac48a2e7dc0bc523ed | |
| XProtect_MACOS_c592675:a609bd94f385cbe30bffa47c32bc6033775d2101824c4c434eb118482809c065 | |
| XProtect_MACOS_c592675:b4738580705c0d7fd1eaeeff1868abd2d5f613183df198e62feca5bd05979911 | |
| XProtect_MACOS_c592675:f8abf262193194089906623461957c308be579cfb542f4658b31cc35bc3979fc |
knightsc
/ build-xnu-4903.241.1.sh
Created
February 19, 2020 15:48
A script to build XNU version 4903.241.1 (macOS Mojave 10.14.3).
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /bin/bash | |
| # | |
| # build-xnu-4903.241.1.sh | |
| # Scott Knight | |
| # | |
| # Based on the script by Brandon Azad | |
| # https://gist.github.com/bazad/654959120a423b226dc564073b435453 | |
| # | |
| # A script showing how to build XNU version 4903.241.1 on macOS Mojave | |
| # 10.14.6 with Xcode 10.3 |
knightsc
/ build-xnu-6153.11.26.sh
Created
February 18, 2020 15:08
A script to build XNU version 6153.11.26 (macOS Catalina 10.15).
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /bin/bash | |
| # | |
| # build-xnu-6153.11.26.sh | |
| # Scott Knight | |
| # | |
| # Based on the script by Brandon Azad | |
| # https://gist.github.com/bazad/654959120a423b226dc564073b435453 | |
| # | |
| # A script showing how to build XNU version 6153.11.26 on macOS Catalina | |
| # 10.15 with Xcode 11.13.1. |
NewerOlder