@subfission
Created August 30, 2023 02:13
macOS Demystified Persistence

Persistence Methods

Various persistence methods that can be investigated.

SHA Checksum Command (macOS)

shasum -a 512 FILE

References

Dock Persistence

plutil -p ~/Library/Preferences/com.apple.dock.plist

Check out dockutil, a free tool for editing the Dock plist.

Auditd Shell Script

grep -v '^#' /etc/security/audit_warn

This script is triggered by the sudo audit -n command.

Man Path

grep -v '^#' /private/etc/man.conf

SHA Hashes

55f159eb497aebedd321e3da27aab2377298ae458da327aa9c6a86acbf8c66dbd6ce499ae31d4b1066fde8a151c7fdffb65bbf46eea898a15f232ab7e8664aa9  /etc/security/audit_warn
385577eb3b69379d55660fe9b277f4a29fb1eba0b27c39728e5acdddf64337c4244a92211ae4747c3efe2dc6ce9986b8efe3b9196bfcd7cc7dbb1df317c32a08  /private/etc/man.conf