Awesome

osx-security-awesome

A collection of OSX/iOS security related resources

News
Hardening
Malware sample sources
DFIR
Reverse engineering
Presentations and Papers
Virus and exploit writeups
Useful tools and guides
Remote Access Toolkits
Worth following on Twitter

News

Linking a microphone

The Story of CVE-2018-4184 or how a vulnearbility in OSX's Speech system allowed apps with access to the microphone to escape sandbox restrictions

iOS vulnerability write-up

A repository of iOS vulnerability write-ups as they are released
Also includes conference papers

iOS display bugs

Regularly updated list of iOS display bugs

Mac Virus

Frequently updated blog that provides a good summary of the latest unique mac malware.

Intego Mac Security Blog

Intego's corporate Mac security blog often contains recent and in-depth analysis of mac malware and other security issues

Objective-See

Objective-See's blog often contains in-depth breakdowns of malware they've reverse engineered and vulnarabilities they've discovered.

The Safe Mac

Resource to help educate Mac users about security issues. Contains historical as well as timely security updates.

Mac Security

Another Mac security blog. This often includes more in-depth analysis of specific threats.

OSX Daily

Not strictly security-specific but it contains jailbreaking information which has security implications

Hardening

macops

Utilities, tools, and scripts for managing and tracking a fleet of Macintoshes in a corporate environment collected by Google

SUpraudit

System monitoring tool

EFIgy

A RESTful API and client that helps Apple Mac users determine if they are running the expected EFI firmware version given their Mac hardware and OS build version

Launchd

Everything you need to know about the launchd service

OSX startup sequence

Step-by-step guide to the startup process

Google OSX hardening

Google's system hardening guide

Run any command in a sandbox

How to for using OSX's sandbox system

Sandblaster

Reversing the Apple sandbox
Paper

OSX El Capitan Hardening Guide

Hardening guide for El Capitan

Hardening hardware and choosing a good BIOS

Protecting your hardware from "evil maid" attacks

Malware sample sources

Objective-See

Curated list of malware samples. Use this list if you're looking for interesting samples to reverse engineer

Alien Vault

Contagio malware dump

Digital Forensics / Incident Response (DFIR)

APOLLO tool

Python tool for advanced forensics analysis
Presentation slides
Source code

venator

Python tool for proactive detection tool for malware and trojans
Source

lynis

Security auditing tool for UNIX-based systems, including macOS

AutoMacTC

Modular forensic triage collection framework from CrowdStrike

Legacy Exec History

OSQuery module to give you a report of 32bit processes running on a 10.14 machine

Using the macOS/iOS knowledgeC.db Database to Determine Precise User and Application Usage

Artefacts for Mac OSX

Locations of sensitive files

Pac4Mac

Forensics framework

Inception

Physical memory manipulation

Volafox

Memory analysis toolkit

Mac4n6

Collection of OSX and iOS artifacts

Keychain analysis with Mac OSX Forensics

OSX Collector

Forensics utility developed by Yelp

OSX incident response

OSX incident response at GitHub Slides

iOS Instrumentation without jailbreaking

How to debug an iOS application that you didn't create

Certo

Paid service for analyzing the iTunes backup of your iOS device

Blackbag Tech free tools

OSX (Mac) Memory Acquisition and Analysis Using OSXpmem and Volatility

mac-apt

Mac Artifact Parsing Tool for processing full disk images and extracting useful information
The author also has a collection of DFIR scripts

Reverse engineering

New OS X Book

Frequently updated book on OSX internals

Collection of OSX reverse engineering resources

Another Awesome-style list dedicated to OSX reverse engineering resources

The iPhone Wiki

Reverse engineering OSX

OSX crackmes

A collection of puzzles to test your reverse engineering skills

Introduction to Reverse Engineering Cocoa Applications

Walkthrough for Coca applications

iOS Kernel source

Source code for iOS kernel

Reverse Engineering Challenges

Very good list of various crackme challenges that is categorized by level and OS

Awesome Reversing

Awesome list dedicated to reversing

Presentations and Papers

Area41 2018: Daniel Roethlisberger: Monitoring MacOS For Malware And Intrusions

Windshift APT

Deep-dive write-up by Objective See

Automated Binary Analysis on iOS – A Case Study on Cryptographic Misuse in iOS Applications

Examining iOS applications for poorly guarded secrets

Writing Bad @$$ Malware for OSX

Slides and another related video.

Methods of Malware Persistence on OSX

Advanced Mac OSX Rootkits

The Python Bytes Your Apple

Fuzzing and exploiting OSX kernel bugs

Breaking iOS Code Signing

The Apple Sandbox - 5 years later

Practical iOS App Hacking

Behavioral Detection and Prevention of Malware on OS X

Security on OSX and iOS

Slides

Thunderstrike

Video, hacking Mac's extensible firmware interface (EFI)

Direct Memory Attack the Kernel

Don't trust your eye, Apple graphics is compromised

security flaws in IOKit's graphics acceleration that lead to exploitation from the browser

Fuzzing and Exploiting OSX Vulnerabilities for Fun and Profit Complementary Active & Passive Fuzzing

Strolling into Ring-0 via I/O Kit Drivers

Juice Jacking

Attacking OSX for fun and profit tool set limiations frustration and table flipping Dan Tentler

Follow-up from target

Building an EmPyre with Python

PoisonTap

Storing our Digital Lives - Mac Filesystems from MFS to APFS

slides

Collection of mac4en6 papers/presentations

The Underground Economy of Apple ID

iOS of Sauron: How iOS Tracks Everything You Do

macOS/iOS Kernel Debugging and Heap Feng Shui

Billy Ellis iOS/OSX hacking YouTube channel

A Technical Autopsy of the Apple - FBI Debate using iPhone forensics | SANS DFIR Webcast

Jailbreaking Apple Watch at DEFCON-25

SandScout: Automatic Detection of Flaws in iOS Sandbox Profiles

An exploration of the sandbox protections policies
Presentation

Virus and exploit writeups

Detailed Analysis of macOS/iOS Vulnerability CVE-2019-6231

Exploration of QuartzCore/CoreAnimation flaw leading to a malicious application being able to read restricted memory.

kernelcache laundering

Load iOS12 kernelcaches and PAC code in IDA

blanket

Proof of concept for CVE-2018-4280: Mach port replacement vulnerability in launchd on iOS 11.2.6

Proof of Concept for Remote Code Execution in WebContent

MachO tricks - Appears to be slides from a presentation that ends with the CVE listed above

There's Life in the Old Dog Yet: Tearing New Holes into Intel/iPhone Cellular Modems

How the public warning system can be used as an attack vector

I can be Apple, and so can you

An exploration of a code signing vulnerability in macOS that has persisted for 11 years
Creating signed and customized backdoored macos apps

Leveraging emond on macOS for persistence

APFS credential leak vulnerability

A flaw in Unified Logs leaks the password for encrypted APFS volumes

A fun XNU infoleak

Meltdown

CPU flaw allowing kernel memory to be accessed by hijacking speculative execution
Proof of concept
Apple's statement
Measuring OSX meltdown patches performance
iPhone performance after Spectre patch

Flashback

Detailed analysis

Flashback pt 2

iWorm

Detailed analysis

Thunderbolt

Firmware bootkit

Malware in firmware: how to exploit a false sense of security

A post on the resurgence of bootkits and how to defend against them

Proton RAT

Exploration of a Remote Access Toolkit

Mokes

MacKeeper

OpinionSpy

Elanor

Mac Defender

Wire Lurker

KeRanger

First OSX ransomware

Proof-of-concept USB attack

Dark Jedi

EFI attack that exploits a vulnerability in suspend-resume cycle Sentinel One write-up

XAgent Mac Malware Used In APT-28

Samples

Juice Jacking

Local Privilege Escalation for macOS 10.12.2 and XNU port Feng Shui

Ian Beer, Google Project Zero: "A deep-dive into the many flavors of IPC available on OS X."

Deep dive into the interprocess communication and its design flaws

PEGASUS iOS Kernel Vulnerability Explained

Analysis of iOS.GuiInject Adware Library

Broadpwn

Gaining access through the wireless subsystem

Reverse Engineering and Abusing Apple Call Relay Protocol

Details the discovery of a vulnerability in Apple's Call handoff between mobile and desktop through analyzing network traffic.

Exploiting the Wifi Stack on Apple Devices

Google's Project Zero series of articles that detail vulnerabilities in the wireless stack used by Apple Devices

ChaiOS bug

A message that crashes iMessage
Looks similar to previous bugs rendering Arabic characters

Useful tools and guides

Mac@IBM

Mac enrollment helper provided by IBM

mOSL

Audit and fix macOS High Sierra (10.13.x) security settings

Darling

Darwin/macOS emulation layer for Linux

Kemon

Open source kernel monitoring

jelbrektime

Developer jailbreak for Apple Watch

Booting Secure

Deep dive into Secure Boot on 2018 MacBook Pro

Tutorial - emulate an iOS kernel in QEMU up to launchd and userspace

Tutorial on getting an iOS kernel to run in QEMU

xnumon

Monitor macOS for malicious activity
source

DetectX

Audits system artifacts to help you identify unknown and novel threats

Are you really signed?

Utility to test for code-sign bypass vulnerability

osx security growler

Mac menubar item that lets you know about security events on your system

mac-a-mal

Automated malware analysis on macOS

jrswizzle

method interface exchange

MacDBG

C and Python debugging framework for OSX

bitcode_retriever

store and retrieve bitcode from Mach-O binary

machotools

retrieve and change information about mach-o files

onyx-the-black-cat (outdated original)

kernel module for OSX to defeat anti-debugging protection

create-dmg

CLI utility for creating and modifying DMG files

dmg2iso

convert dmg to iso

Infosec Homebrew

Homebrew tap for security-related utilities

Awesome OSX Command Line

Collection of really useful shell commands

Keychain dump

Dump keychain credentials

KnockKnock

Listing startup items. Also includes VirusTotal information

Lingon-X

GUI for launchd

Hopper

Excellent OSX debugger (requires license)

Symhash

Python utility for generating imphash fingerprints for OSX binaries

KisMac2

Wireless scanning and packet capturing

Passive fuzz framework

Framework is for fuzzing OSX kernel vulnerability based on passive inline hook mechanism in kernel mode

Platypus

GUI for generating .app bundles

createOSXinstallPkg

CLI for generating .pkg installers

PoisonTap

Chipsec

System firmware checker by Intel

Revisiting Mac OS X Kernel Rootkits by Phrack Magazine

A collection of OSX rootkit ideas

iPhone Data Protection in Depth

Cycript

Remote control library for fuzz testing iOS apps

ChaoticMarch

Blackbox fuzz testing for iOS apps (requires jailbreak)

iOS backup decrypt script

Contains a script for decrypting an encrypted iOS backup archive

Remote Packet Capture for iOS Devices

Use a remote virtual interface to capture packets from a tethered iOS device
Python utility
Another python utility

Pareto Security

A MenuBar app to automatically audit your Mac for basic security hygiene.

Mana Security

Vulnerability Management app for individuals. It helps to keep macOS and installed applications updated.

cnspec

Open source vulnerability and misconfiguration scanning for macOS hosts + much more.