A collection of OSX/iOS security related resources
- The Story of CVE-2018-4184 or how a vulnearbility in OSX's Speech system allowed apps with access to the microphone to escape sandbox restrictions
- A repository of iOS vulnerability write-ups as they are released
- Also includes conference papers
- Regularly updated list of iOS display bugs
- Frequently updated blog that provides a good summary of the latest unique mac malware.
- Intego's corporate Mac security blog often contains recent and in-depth analysis of mac malware and other security issues
- Objective-See's blog often contains in-depth breakdowns of malware they've reverse engineered and vulnarabilities they've discovered.
- Resource to help educate Mac users about security issues. Contains historical as well as timely security updates.
- Another Mac security blog. This often includes more in-depth analysis of specific threats.
- Not strictly security-specific but it contains jailbreaking information which has security implications
- Utilities, tools, and scripts for managing and tracking a fleet of Macintoshes in a corporate environment collected by Google
- System monitoring tool
- A RESTful API and client that helps Apple Mac users determine if they are running the expected EFI firmware version given their Mac hardware and OS build version
- Everything you need to know about the launchd service
- Step-by-step guide to the startup process
- Google's system hardening guide
- How to for using OSX's sandbox system
- Reversing the Apple sandbox
- Paper
- Hardening guide for El Capitan
- Protecting your hardware from "evil maid" attacks
- Curated list of malware samples. Use this list if you're looking for interesting samples to reverse engineer
- Python tool for advanced forensics analysis
- Presentation slides
- Source code
- Python tool for proactive detection tool for malware and trojans
- Source
- Security auditing tool for UNIX-based systems, including macOS
- Modular forensic triage collection framework from CrowdStrike
- OSQuery module to give you a report of 32bit processes running on a 10.14 machine
- Locations of sensitive files
- Forensics framework
- Physical memory manipulation
- Memory analysis toolkit
- Collection of OSX and iOS artifacts
- Forensics utility developed by Yelp
- OSX incident response at GitHub Slides
- How to debug an iOS application that you didn't create
- Paid service for analyzing the iTunes backup of your iOS device
- Mac Artifact Parsing Tool for processing full disk images and extracting useful information
- The author also has a collection of DFIR scripts
- Frequently updated book on OSX internals
- Another Awesome-style list dedicated to OSX reverse engineering resources
- A collection of puzzles to test your reverse engineering skills
- Walkthrough for Coca applications
- Source code for iOS kernel
- Very good list of various crackme challenges that is categorized by level and OS
- Awesome list dedicated to reversing
- Examining iOS applications for poorly guarded secrets
- Fuzzing and exploiting OSX kernel bugs
- Video, hacking Mac's extensible firmware interface (EFI)
- security flaws in IOKit's graphics acceleration that lead to exploitation from the browser
Fuzzing and Exploiting OSX Vulnerabilities for Fun and Profit Complementary Active & Passive Fuzzing
- An exploration of the sandbox protections policies
- Presentation
- Exploration of QuartzCore/CoreAnimation flaw leading to a malicious application being able to read restricted memory.
- Load iOS12 kernelcaches and PAC code in IDA
- Proof of concept for CVE-2018-4280: Mach port replacement vulnerability in launchd on iOS 11.2.6
- MachO tricks - Appears to be slides from a presentation that ends with the CVE listed above
- How the public warning system can be used as an attack vector
- An exploration of a code signing vulnerability in macOS that has persisted for 11 years
- Creating signed and customized backdoored macos apps
- A flaw in Unified Logs leaks the password for encrypted APFS volumes
- CPU flaw allowing kernel memory to be accessed by hijacking speculative execution
- Proof of concept
- Apple's statement
- Measuring OSX meltdown patches performance
- iPhone performance after Spectre patch
- Firmware bootkit
- A post on the resurgence of bootkits and how to defend against them
- Exploration of a Remote Access Toolkit
- First OSX ransomware
EFI attack that exploits a vulnerability in suspend-resume cycle Sentinel One write-up
- Deep dive into the interprocess communication and its design flaws
- Gaining access through the wireless subsystem
- Details the discovery of a vulnerability in Apple's Call handoff between mobile and desktop through analyzing network traffic.
Google's Project Zero series of articles that detail vulnerabilities in the wireless stack used by Apple Devices
- Over The Air: Exploiting Broadcom’s Wi-Fi Stack (Part 1)
- Over The Air: Exploiting Broadcom’s Wi-Fi Stack (Part 2)
- Over The Air - Vol. 2, Pt. 1: Exploiting The Wi-Fi Stack on Apple Devices
- Over The Air - Vol. 2, Pt. 2: Exploiting The Wi-Fi Stack on Apple Devices
- Over The Air - Vol. 2, Pt. 3: Exploiting The Wi-Fi Stack on Apple Devices
- Mac enrollment helper provided by IBM
- Audit and fix macOS High Sierra (10.13.x) security settings
- Darwin/macOS emulation layer for Linux
- Open source kernel monitoring
- Developer jailbreak for Apple Watch
- Deep dive into Secure Boot on 2018 MacBook Pro
- Tutorial on getting an iOS kernel to run in QEMU
- Monitor macOS for malicious activity
- source
- Audits system artifacts to help you identify unknown and novel threats
- Utility to test for code-sign bypass vulnerability
- Mac menubar item that lets you know about security events on your system
- Automated malware analysis on macOS
- method interface exchange
- C and Python debugging framework for OSX
- store and retrieve bitcode from Mach-O binary
- retrieve and change information about mach-o files
- kernel module for OSX to defeat anti-debugging protection
- CLI utility for creating and modifying DMG files
- convert dmg to iso
- Homebrew tap for security-related utilities
- Collection of really useful shell commands
- Dump keychain credentials
- Listing startup items. Also includes VirusTotal information
- GUI for launchd
- Excellent OSX debugger (requires license)
- Python utility for generating imphash fingerprints for OSX binaries
- Wireless scanning and packet capturing
- Framework is for fuzzing OSX kernel vulnerability based on passive inline hook mechanism in kernel mode
- GUI for generating .app bundles
- CLI for generating .pkg installers
- System firmware checker by Intel
- A collection of OSX rootkit ideas
- Remote control library for fuzz testing iOS apps
- Blackbox fuzz testing for iOS apps (requires jailbreak)
- Contains a script for decrypting an encrypted iOS backup archive
- Use a remote virtual interface to capture packets from a tethered iOS device
- Python utility
- Another python utility