@mikalv
Forked from hartescout/reference.txt
Created December 4, 2021 14:28
macOS Internals, Reversing, and Analysis reference I've found essential.
## In no particular order. I'm pulling these from a bookmark folder; I'll work on labeling as I have time. Hope these help. Will be mixing in Linux reference as well.
Sidenote: the macOS Internals series is amazing, although it might be out of reach for some. However, if you are having a hard time deciding (I definitely was) and it is in budget, in my opinion they are worth the price. I've worked through Volume II, waiting on Volume III.
As always, most of what we need in our world can be found open-sourced and provided by some of the brightest, but it can be a frustrating journey finding material.
https://www.intezer.com/blog/malware-analysis/elf-malware-analysis-101-linux-threats-no-longer-an-afterthought/
http://timetobleed.com/dynamic-linking-elf-vs-mach-o/
https://github.com/apple/darwin-xnu
https://opensource.apple.com/source/xnu/
https://developer.apple.com/library/archive/documentation/Darwin/Conceptual/KernelProgramming/Architecture/Architecture.html
https://blog.paloaltonetworks.com/tag/mac-os-x/
https://github.com/bx/machO-tools
https://reverse.put.as/2019/11/19/how-to-make-lldb-a-real-debugger/
https://www.sentinelone.com/blog/how-to-reverse-macos-malware-part-one/
https://www.sentinelone.com/blog/malware-hunting-macos-practical-guide/
https://objective-see.com/
https://taomm.org/vol1/analysis.html
https://objective-see.com/blog/blog_0x64.html
https://www.soupbowl.io/2020/04/macos-in-virtualbox/#setup-vbox
https://www.starlab.io/blog/the-linux-security-hardening-checklist-for-embedded-systems
https://attack.mitre.org/versions/v9/matrices/enterprise/macos/
https://theevilbit.github.io/posts/getting_started_in_macos_security/
https://opensource.apple.com/
https://developer.apple.com/library/archive/documentation/MacOSX/Conceptual/OSX_Technology_Overview/SystemTechnology/SystemTechnology.html
https://bugs.chromium.org/p/project-zero/issues/list?q=vendor%3DApple&can=1
https://support.apple.com/guide/security/welcome/1/web
https://reverse.put.as/
https://papers.put.as/macosx/macosx/
https://github.com/theevilbit/Shield
https://developer.apple.com/account/#/overview/2NRB6WX7UD
https://cryptpad.fr/drive/#
https://support.apple.com/en-us/HT212325
https://developer.apple.com/documentation/security
https://theevilbit.github.io/posts/
https://developer.apple.com/library/archive/navigation/
https://themittenmac.com/
https://wojciechregula.blog/post/press-5-keys-and-become-root-aka-cve-2021-30655/
https://infocon.org/cons/Black%20Hat/Black%20Hat%20USA/Black%20Hat%20USA%202019/Zombie%20Ant%20Farming%20Practical%20Tips%20for%20Playing%20Hide%20and%20Seek%20with%20Linux%20EDRs.mp4
https://bradleyjkemp.dev/post/launchdaemon-hijacking/
https://secret.club/
https://www.felixcloutier.com/x86/
https://developer.apple.com/documentation/kernel/mach/vm
https://github.com/aidansteele/osx-abi-macho-file-format-reference
https://malwareunicorn.org/workshops/re102.html#7
https://github.com/michalmalik/linux-re-101
https://www.trendmicro.com/en_us/research/21/f/CVE-2021-30724_CVMServer_Vulnerability_in_macOS_and_iOS.html?utm_source=trendmicroresearch&utm_medium=smk&utm_campaign=0621_vulnmac30724
https://vx-underground.org/papers.html
https://github.com/airbnb/binaryalert/tree/master/rules/public/malware/macos