• Stars: 18
• Rank 1,208,065 (Top 24 %)
• Language: C++
• Created almost 10 years ago
• Updated over 9 years ago

Repository Details

OS X rootkit loader version #1

More Repositories

1. MachOView (C, 2,495 stars): MachOView fork
2. Gdbinit (1,596 stars): Gdbinit for OS X, iOS and others - x86, x86_64 and ARM
3. lldbinit (Python, 325 stars): A gdbinit clone for LLDB
4. firmware_vault (255 stars): A repo for all Apple EFI firmware files
5. readmem (C, 218 stars): A small OS X/iOS userland util to dump processes memory
6. onyx-the-black-cat (C, 209 stars): Kernel extension to disable anti-debug tricks and other useful XNU "features"
7. rootfool (C, 163 stars): A small tool to dynamically disable and enable SIP in El Capitan
8. EFISwissKnife (C++, 142 stars): An IDA plugin to improve (U)EFI reversing
9. HexRaysDeob (C++, 118 stars): Hex-Rays OLLVM Deobfuscator and MicroCode Explorer
10. hydra (C, 104 stars): A kernel extension and userland daemon to patch applications
11. otool-ng (C, 100 stars): Some improvements to Apple's otool.
12. gopher (C, 90 stars): An OS X crypto ransomware PoC
13. mach_race (C, 81 stars): Exploit code for CVE-2016-1757
14. efi_dxe_emulator (C, 79 stars): EFI DXE Emulator and Interactive Debugger
15. pydbg64 (C, 68 stars): PyDBG64 - OS X PyDbg with 64 bits support
16. osx_boubou (C, 64 stars): A PoC Mach-O infector via library injection
17. mpress_dumper (Assembly, 64 stars): MPRESS dumper for OS X
18. gimmedebugah (C, 57 stars): A small utility to inject an Info.plist into binaries.
19. gdb-ng (C, 54 stars): Apple's gdb fork with some fixes and enhancements
20. ExtractMachO (C, 54 stars): IDA plugin to extract Mach-O binaries located in the disassembly or data
21. Gatekeerper (C, 48 stars): A kernel extension to mitigate Gatekeeper bypasses
22. kextstat_aslr (C, 38 stars): Implementation of kextstat via /dev/kmem with kernel ASLR support
23. can_I_suid (C, 37 stars): A TrustedBSD module to control execution of binaries with suid bit set
24. crackme_nr1 (C, 36 stars): fG!'s crackme #1 source code
25. bruteforcesysent (C, 33 stars): Small util to discover OS X sysent via bruteforce
26. tcplognke (C, 29 stars): Apple's tcplognke code sample
27. TELoader (C, 28 stars): A TE executable format loader for IDA
28. unicorn_string_deobfuscator (C, 27 stars): A Unicorn based emulator to deobfuscate Equation Group string XOR obfuscation
29. mario (C, 27 stars): The kernel component of rootpipe fix for Mavericks
30. adium-ng-preview (27 stars): Repo to dump some preview info and builds for adium-ng
31. MicrocodeExplorer (C++, 26 stars): Hex-Rays MicrocodeExplorer
32. readkmem (C, 25 stars): Small utility to dump kernel memory
33. rex_versus_the_romans (C, 25 stars): Anti Hacking Team TrustedBSD module
34. readphysmem (Objective-C, 25 stars): A small utility to read and write to Macs' physical memory using default AppleHWAccess.kext.
35. llvmpatches (CMake, 22 stars): Misc llvm patches
36. hello_santa_bye_santa (C, 21 stars): Bypass Google's Santa
37. fixobjc (21 stars): IDA IDC script to improve Objective-C disassembly output
38. checkidt (C, 20 stars): Small util to dump the IDT table of a running OS X system with kmem enabled
39. armorysandbox (Makefile, 20 stars): A USB armory based USB sandbox
40. MachOPlugin (C, 19 stars): IDA plugin to display Mach-O headers
41. icetheguardianv2 (C, 19 stars): A TrustedBSD module PoC to monitor writes to Daemons and Agents folders
42. kgmacros (17 stars): Fixed kgmacros to work with VMware kernel gdb stub
43. ExtractMacho2 (C++, 17 stars): IDA plugin to extract Mach-O binaries located in the disassembly or data
44. syscall-benchmark (Assembly, 16 stars): macOS syscall performance benchmark
45. av-monster (C, 15 stars): PoC kext to disable OS X anti-virus software
46. luigi (Objective-C, 14 stars): The userland component of rootpipe fix for Mavericks
47. carbon_copy_cloner_keychaingen (Objective-C, 14 stars): A keygen for Carbon Copy Cloner private keychain
48. Crisis-Analysis-Tools (C, 13 stars): Scripts and other material related to OS.X/Crisis malware analysis
49. diagnostic_service2 (C++, 12 stars): OS X rootkit loader version #2
50. calcspace (C, 12 stars): Small util to calculate available free space in mach-o binaries for code injection
51. idc-scripts (11 stars): Random collection of IDA's IDC scripts
52. Disable-m3u (C, 11 stars): iTunes plugin to disable creation of m3u playlists
53. rexthewonderdog (C, 10 stars): A lazy PoC for implementing backdoors in OS X TrustedBSD MAC framework.
54. fuckyouilfak (C, 10 stars): An IDA Pro 9.0 Beta 2 macOS x86 Fix Loader
55. delambert (C++, 10 stars): GreenLambert macOS IDA plugin to deobfuscate strings
56. GiveMeHex (C++, 9 stars): A quick IDA hack to get addresses with 0x prefix
57. twitterwipe (Go, 9 stars): A Go utility to delete your Twitter history
58. how_crap_is_ida (C++, 9 stars): An IDA plugin to compare IDA detected functions output versus LC_FUNCTION_STARTS information
59. evilquest_stats (Go, 7 stars): Small utility to hash EvilQuest code and cstrings sections
60. keygen_CrackMe_nr1_qwertyoruiop (C, 7 stars): Keygen for qwertyoruiop's CrackMe nr1
61. spiflash (C, 7 stars): Very fast reader for SPI flashes for Teensy 2.x.
62. bpf_dbg_output (C, 7 stars): Small tool to convert bpf binary bytecode to bpf_dbg format
63. evilquest_deobfuscator (Go, 6 stars): EvilQuest/ThiefQuest malware strings decrypter/deobfuscator
64. icetheguardian (C, 5 stars): A PoC to protect critical OS X files using TrustedBSD MAC framework.
65. SMBIOSKeygen (Go, 4 stars): macserial and GenSMBIOS merged and ported to Go
66. yage (Go, 2 stars): An age fork with internal Yubikeys support
67. snake_queue_parser (Objective-C, 2 stars): A decryptor for Snake/Turla configuration files
68. Mach-O-Lib (1 star): Library to access and manipulate Mach-O headers
69. macserial (1 star): macserial Go module