Home

Awesome

Mac&IOS HackStudy

Mac&IOS安全学习资料汇总

Mac&IOS安全学习网站收集:

http://samdmarshall.com
https://www.exploit-db.com
https://reverse.put.as
http://highaltitudehacks.com/security/
http://www.dllhook.com/
http://www.securitylearn.net/archives/
http://securitycompass.github.io/iPhoneLabs/index.html
http://security.ios-wiki.com
http://www.opensecuritytraining.info/IntroARM.html
https://truesecdev.wordpress.com/
http://resources.infosecinstitute.com/ios-application-security-part-1-setting-up-a-mobile-pentesting-platform/
http://esoftmobile.com/2014/02/14/ios-security/
http://bbs.iosre.com
http://bbs.chinapyg.com
http://blog.pangu.io/
http://yonsm.net/
http://nianxi.net/
http://cocoahuke.com/
https://blog.0xbbc.com
http://blog.imaou.com/
https://github.com/pandazheng/iOSAppReverseEngineering
http://drops.wooyun.org
http://bbs.pediy.com
http://www.blogfshare.com/
https://github.com/michalmalik/osx-re-101
http://blog.qwertyoruiop.com/
https://github.com/secmobi/wiki.secmobi.com
http://contagioexchange.blogspot.com/
http://contagiominidump.blogspot.com/
https://github.com/secmobi
https://www.owasp.org/index.php/OWASP_Mobile_Security_Project#tab=Guide_Development_Project
http://blog.dornea.nu/2014/10/29/howto-ios-apps-static-analysis/
http://www.dllhook.com/post/58.html
http://thexploit.com/category/secdev/
https://github.com/secmobi/wiki.secmobi.com
https://github.com/mdsecresearch
http://sectools.org/tag/os-x/
http://googleprojectzero.blogspot.com/
http://googleprojectzero.blogspot.com/2014/10/more-mac-os-x-and-iphone-sandbox.html
http://www.macexploit.com/
https://code.google.com/p/google-security-research/issues/list?can=1&q=iOS&sort=-id&colspec=ID%20Type%20Status%20Priority%20Milestone%20Owner%20Summary
https://code.google.com/p/google-security-research/issues/list?can=1&q=OSX&sort=-id&colspec=ID+Type+Status+Priority+Milestone+Owner+Summary&cells=tiles
http://googleprojectzero.blogspot.com/2014/11/pwn4fun-spring-2014-safari-part-ii.html
https://www.blackhat.com/docs/us-15/materials/us-15-Lei-Optimized-Fuzzing-IOKit-In-iOS-wp.pdf
https://www.youtube.com/watch?v=rxUgw5bEG3Y
https://www.theiphonewiki.com/wiki/Firmware
http://www.trustedbsd.org/mac.html
http://googleprojectzero.blogspot.com/2014/10/more-mac-os-x-and-iphone-sandbox.html
https://code.google.com/p/google-security-research/issues/list?can=1&q=OSX&sort=-id&colspec=ID+Type+Status+Priority+Milestone+Owner+Summary&cells=tiles
https://support.apple.com/zh-cn/HT205731
https://www.apple.com/support/security/
http://opensource.apple.com/tarballs/
https://mobile-security.zeef.com/oguzhan.topgu
http://www.powerofcommunity.net
http://cn.0day.today/exploits
https://recon.cx/2016/training/trainingios-osx.html
https://www.exploit-db.com/osx-rop-exploits-evocam-case-study/
https://www.offensive-security.com/vulndev/evocam-remote-buffer-overflow-on-osx/
https://www.yumpu.com/en/document/view/7010924/ios-kernel-heap-armageddon
http://contagiodump.blogspot.com/
http://www.dllhook.com/post/138.html
http://shell-storm.org/blog/Return-Oriented-Programming-and-ROPgadget-tool/
https://medium.com/@harryworld/100-days-of-osx-development-e61591fcb8c8#.vxyuyse12
http://www.poboke.com/study/reverse
https://www.offensive-security.com/vulndev/evocam-remote-buffer-overflow-on-osx/
https://www.exploit-db.com/osx-rop-exploits-evocam-case-study/
http://phrack.org/issues/69/1.html
https://www.exploit-db.com/docs/28479.pdf
https://speakerdeck.com/milkmix/ios-malware-myth-or-reality
https://bbs.pediy.com/thread-223117.htm

Mac&IOS安全优秀博客文章

http://datatheorem.github.io/TrustKit/
http://ho.ax/posts/2012/02/resolving-kernel-symbols/
http://www.securitylearn.net/tag/pentesting-ios-apps/
https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x/
https://github.com/secmobi/wiki.secmobi.com
http://bbs.iosre.com/t/debugserver-lldb-gdb/65
http://bbs.pediy.com/showthread.php?t=193859
http://bbs.pediy.com/showthread.php?t=192657&viewgoodnees=1&prefixid=
http://blog.darkrainfall.org/2013/01/os-x-internals/
http://dvlabs.tippingpoint.com/blog/2009/03/06/reverse-engineering-iphone-appstore-binaries
http://drops.wooyun.org/papers/5309
http://www.blogfshare.com/category/ios-secure
https://www.safaribooksonline.com/library/view/hacking-and-securing/9781449325213/ch08s04.html
http://soundly.me/osx-injection-override-tutorial-hello-world/
https://nadavrub.wordpress.com/2015/07/23/injecting-code-to-an-ios-appstore-app/
http://blog.dewhurstsecurity.com/
https://github.com/project-imas
https://github.com/iSECPartners
https://www.nowsecure.com/blog/
http://lightbulbone.com/
http://www.tanhao.me/pieces/1515.html/
http://dongaxis.github.io/
https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x/
https://blog.xpnsec.com/restoring-dyld-memory-loading/
https://blog.xpnsec.com/building-a-mach-o-memory-loader-part-1/

Mac&IOS技术研究文章

源码级调试的XNU内核
https://bbs.ichunqiu.com/thread-48301-1-1.html
Armor:一款功能强大的macOS Payload加密工具,可绕过大部分AV
https://www.freebuf.com/sectool/190620.html
使用radare2逆向iOS Swift应用程序
https://www.freebuf.com/articles/terminal/191595.html
Debugging macOS Kernel For Fun
https://geosn0w.github.io/Debugging-macOS-Kernel-For-Fun/
MacMalware_2018
https://objective-see.com/downloads/MacMalware_2018.pdf
The best of OpenSource.Apple.Com for iOS
http://newosxbook.com/tools/iOSBinaries.html
FortiAppMonitor:用于监控macOS上的系统活动的强大工具
https://www.freebuf.com/sectool/193258.html
Introduction to macOS - Gatekeeper
https://github.com/yo-yo-yo-jbo/macos_gatekeeper
Introduction to macOS - the App sandbox
https://github.com/yo-yo-yo-jbo/macos_sandbox
Introduction to macOS - macOS App structure
https://github.com/yo-yo-yo-jbo/macos_app_structure
monitor macOS for malicious activity
https://github.com/droe/xnumon
Building a Custom Mach-O Memory Loader for macOS - Part 1
https://blog.xpnsec.com/building-a-mach-o-memory-loader-part-1/
Restoring Dyld Memory Loading
https://blog.xpnsec.com/restoring-dyld-memory-loading/
Ios App Extraction & Analysis
https://datalocaltmp.github.io/ios-app-extraction-analysis.html
MacOS Forensics DIY Style
https://aboutyou.tech/blog/macos-forensics-diy-style-3369868505dd/

Mac&IOS安全优秀GitHub

Contains all example codes for O'Reilly's iOS 9 Swift Programming Cookbook
https://github.com/vandadnp/iOS-9-Swift-Programming-Cookbook
XCodeGhost清除脚本
https://github.com/pandazheng/XCodeGhost-Clean
Apple OS X ROOT提权API后门
https://github.com/tihmstar/rootpipe_exploit
Effortless and universal SSL pinning for iOS and OS X
https://github.com/datatheorem/TrustKit
Patch PE, ELF, Mach-O binaries with shellcode
https://github.com/secretsquirrel/the-backdoor-factory
iReSign allows iDevice app bundles (.ipa) files to be signed or resigned with a digital certificate from Apple for distribution
https://github.com/maciekish/iReSign
A Mach-O Load Command deobfuscator
https://github.com/x43x61x69/Mach-O-Prettifier
Dylib插入Mach-O文件
https://github.com/Tyilo/insert_dylib
dylib injector for mach-o binaries
https://github.com/KJCracks/yololib
Fast iOS executable dumper
https://github.com/KJCracks/Clutch
Binary distribution of the libimobiledevice library for Mac OS X
https://github.com/benvium/libimobiledevice-macosx
python utilities related to dylib hijacking on OS X
https://github.com/synack/DylibHijack
OSX dylib injection
https://github.com/scen/osxinj
IOS IPA package refine and resign
https://github.com/Yonsm/iPAFine
ROP Exploitation
https://github.com/JonathanSalwan/ROPgadget
Class-dump any Mach-o file without extracting it from dyld_shared_cache
https://github.com/limneos/classdump-dyld
Scan an IPA file and parses its info.plist
https://github.com/apperian/iOS-checkIPA
A PoC Mach-O infector via library injection
https://github.com/gdbinit/osx_boubou
IOS-Headers
https://github.com/MP0w/iOS-Headers
Interprocess Code injection for Mac OS X
https://github.com/rentzsch/mach_inject
OS X Auditor is a free Mac OS X computer forensics tool
https://github.com/jipegit/OSXAuditor
remove PIE for osx
https://github.com/CarinaTT/MyRemovePIE
A TE executable format loader for IDA
https://github.com/gdbinit/TELoader
Mobile Security Framework
https://github.com/ajinabraham/Mobile-Security-Framework-MobSF
A library that enables dynamically rebinding symbols in Mach-O binaries running on iOS
https://github.com/facebook/fishhook
OSX and iOS related security tools
https://github.com/ashishb/osx-and-ios-security-awesome
Introspy-Analyzer
https://github.com/iSECPartners/Introspy-Analyzer
Dumps decrypted mach-o files from encrypted iPhone applications from memory to disk
https://github.com/stefanesser/dumpdecrypted
Simple Swift wrapper for Keychain that works on iOS and OS X
https://github.com/kishikawakatsumi/KeychainAccess
idb is a tool to simplify some common tasks for iOS pentesting and research
https://github.com/dmayer/idb
Pentesting apps using Parse as a backend
https://github.com/igrekde/ParseRevealer
The iOS Reverse Engineering Toolkit
https://github.com/Vhacker/iRET
XNU - Mac OS X kernel
https://github.com/opensource-apple/xnu
Code injection + payload communications for OSX
https://github.com/mhenr18/injector
iOS related code
https://github.com/samdmarshall/iOS-Internals
OSX injection tutorial: Hello World
https://github.com/arbinger/osxinj_tut
Reveal Loader dynamically loads libReveal.dylib (Reveal.app support) into iOS apps on jailbroken devices
https://github.com/heardrwt/RevealLoader
NSUserDefaults category with AES encrypt/decrypt keys and values
https://github.com/NZN/NSUserDefaults-AESEncryptor
Blackbox tool to disable SSL certificate validation
https://github.com/iSECPartners/ios-ssl-kill-switch
应用逆向工程 抽奖插件
https://github.com/iosre/iosrelottery
Untested iOS Tweak to hook OpenSSL functions
https://github.com/nabla-c0d3/iOS-hook-OpenSSL
IOS *.plist encryptor project. Protect your .plist files from jailbroken
https://github.com/FelipeFMMobile/ios-plist-encryptor
Re-codesigning tool for iOS ipa file
https://github.com/hayaq/recodesign
Scans iPhone/iPad/iPod applications for PIE flags
https://github.com/stefanesser/.ipa-PIE-Scanner
xnu local privilege escalation via cve-2015-1140 IOHIDSecurePromptClient injectStringGated heap overflow | poc||gtfo
https://github.com/kpwn/vpwn
MachOView
https://github.com/gdbinit/MachOView
A cross-platform protocol library to communicate with iOS devices
https://github.com/libimobiledevice/libimobiledevice
WireLurkerDetector
https://github.com/pandazheng/WireLurker
Released in accordance with GPL licensing
https://github.com/p0sixspwn/p0sixspwn
xnu local privilege escalation via cve-2015
https://github.com/kpwn/tpwn
A simple universal memory editor (game trainer) on OSX/iOS
https://github.com/pandazheng/HippocampHairSalon
BinaryCookieReader源码
https://github.com/pandazheng/BinaryCookieReader
Tiamo's bootloader
https://github.com/pandazheng/macosxbootloader
incomplete ios 8.4.1 jailbreak by Kim Jong Cracks
https://github.com/pandazheng/yalu
Security Scanner for OSX
https://github.com/openscanner/XGuardian
Sample kernel extension that demonstrates how to hide from kextstat
https://github.com/rc0r/KextHider
Example Mac OS X kernel extension that resolves symbols from the running kernel image
https://github.com/snare/KernelResolver
Sample Mac OS X (Mountain Lion) kernel extension that demonstrates how to hide files by hijacking getdirentries
syscalls
https://github.com/rc0r/FileHider
Sample Mac OS X (Mountain Lion) kernel extension that demonstrates how to hide a process by modifying allproc and pidhashtbl
https://github.com/rc0r/ProcessHider
The Mach-O disassembler. Now 64bit and Xcode 6 compatible
https://github.com/x43x61x69/otx
A Mach-O binary codesign remover
https://github.com/x43x61x69/codeunsign
A Mach-O Load Command deobfuscator
https://github.com/x43x61x69/Mach-O-Prettifier
Very simple keylogger for self-quantifying on Mac OS X
https://github.com/dannvix/keylogger-osx
Manage iOS devices through iTunes lib
https://github.com/xslim/mobileDeviceManager
Detects the hardware, software and display of the current iOS or Mac OS X device at runtime
https://github.com/lmirosevic/GBDeviceInfo
Python Arsenal for Reverse Engineering
http://pythonarsenal.com/
A OS X crypto ransomware PoC
https://github.com/gdbinit/gopher
destroyer of iOS kernelcaches
https://github.com/0xAwayy/IDA_iOS_vtab_parser
WhatsYourSign adds a menu item to Finder.app. Simply right-, or control-click on any file to display its cryptographic signing information!
https://github.com/objective-see/WhatsYourSign
macOS (& ios) Artifact Parsing Tool
https://github.com/ydkhatri/mac_apt/
macOS forensic timeline generator using the analysis result DBs of mac_apt
https://github.com/mnrkbys/ma2tl
ios-hacking
https://github.com/topics/ios-hacking
iOS Pentesting
https://github.com/carlospolop/hacktricks/blob/master/mobile-pentesting/ios-pentesting/README.md
iOS Pentesting Checklist
https://book.hacktricks.xyz/mobile-pentesting/ios-pentesting-checklist
Run unsigned iOS app without actually installing it!
https://github.com/khanhduytran0/LiveContainer
IOSSecuritySuite https://github.com/securing/IOSSecuritySuite

逆向分析

Ios App Extraction & Analysis
https://voidsec.com/reverse-engineering-terminator-aka-zemana-antimalware-antilogger-driver/

Apple Source Code

https://opensource.apple.com/
https://github.com/apple-oss-distributions

A curated list of awesome iOS application security resources.

https://github.com/Cy-clon3/awesome-ios-security

Frida(Mac & IOS调试工具)

https://codeshare.frida.re/

LOOBins

https://github.com/infosecB/LOOBins

A Tool For Digging Into Binary Files on macOS

https://www.mothersruin.com/software/Archaeology/

Darwin/macOS emulation layer for Linux

https://github.com/darlinghq/darling

Mac Forensic Tools

A forensic evidence collection & analysis toolkit for OS X
https://github.com/Yelp/osxcollector

iOS Forensic Tools

MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potential compromise.
https://github.com/mvt-project/mvt
iOS_sysdiagnose_forensic_scripts
https://github.com/cheeky4n6monkey/iOS_sysdiagnose_forensic_scripts
Forensic toolkit for iOS sysdiagnose feature
https://github.com/EC-DIGIT-CSIRC/sysdiagnose

iOS Forensic Toolkit Tips & Tricks

https://blog.elcomsoft.com/2023/07/ios-forensic-toolkit-tips-tricks/
https://github.com/Yelp/osxcollector

macOS Initial Access Payload Generator

https://github.com/D00MFist/Mystikal

iOS Penetration Testing Cheat Sheet

https://github.com/ivan-sincek/ios-penetration-testing-cheat-sheet
MOBILE PENTESTING 101 – HOW TO SET UP YOUR IOS ENVIRONMENT https://securitycafe.ro/2023/06/12/mobile-pentesting-101-how-to-set-up-your-ios-environment/

Mac Malware Samples

macOS Malware Collection
https://github.com/objective-see/Malware

macOS Internals

https://gist.github.com/kconner/cff08fe3e0bb857ea33b47d965b3e19f

Mac SandBox

https://github.com/phdphuc/mac-a-mal-cuckoo
https://github.com/phdphuc/mac-a-mal

Mac OS X Memory Analysis Toolkit

https://github.com/n0fate/volafox

Open Source Tools & Mac Forensics

https://sumuri.com/open-source-tools-mac-forensics/

A collection of resources for OSX/iOS reverse engineering

https://github.com/michalmalik/osx-re-101

macOS (& ios) Artifact Parsing Tool

https://github.com/ydkhatri/mac_apt

Mac Malware Samples

https://objective-see.com/malware.html#resources

Hunting

Hunting for macOS attack techniques. Part 1 – Initial Access, Execution, Credential Access, Persistence
https://speakerdeck.com/heirhabarov/hunting-for-macos-attack-techniques-part-1-initial-access-execution-credential-access-persistence

MacOS App

Introduction to macOS - macOS App structure
https://github.com/yo-yo-yo-jbo/macos_app_structure

Mac&IOS安全优秀书籍

《Hacking and Securing iOS Applications》
《Mac OS X and iOS Internals:To the Apple’s Core》
《OS X and iOS Kernel Programming》
《OS X ABI Mach-O File Format》
《The Mac Hacker’s Handbook》
《Mac OS X Interals:A Systems Approach》
《黑客攻防技术宝典-IOS实战篇》
《IOS应用安全攻防实战》
《IOS应用逆向工程》
《IOS取证实战》
《安全技术大系:IOS取证分析》
《macOS软件安全与逆向分析》

Mac&IOS安全Twitter

https://twitter.com/Technologeeks
https://twitter.com/osxreverser
https://twitter.com/Morpheus______

Mac/IOS Exploit分析文章

CVE-2016-1749
http://turingh.github.io/2016/04/29/CVE-2016-1749%E5%86%85%E6%A0%B8%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8CPOC%E5%88%86%E6%9E%90/

CVE-2016-1757
http://googleprojectzero.blogspot.com/2016/03/race-you-to-kernel.html
https://github.com/gdbinit/mach_race

CVE-2016-1824
http://marcograss.github.io/security/apple/cve/2016/05/16/cve-2016-1824-apple-iohidfamily-racecondition.html

IOS越狱中使用到的漏洞列表

越狱ipsw

ios10 ipsw
https://ipsw.me/all
https://www.alliphone.com
https://www.theiphonewiki.com/wiki/Firmware_Keys
http://pastebin.com/FRMfanmT https://www.reddit.com/r/jailbreak/comments/4nyz1p/discussion_decrypted_kernel_cache_ios_10/d48cgd7 https://www.nowsecure.com/blog/2014/04/14/ios-kernel-reversing-step-by-step/
http://www.iphonehacks.com/download-iphone-ios-firmware
https://github.com/pinauten/Fugu15


Mac下的一些软件

http://sqwarq.com/detectx/

Mac下的安全软件

https://objective-see.com/products.html


Mac平台虚拟机软件UTM

https://docs.getutm.app/ https://getutm.app/ https://mac.getutm.app/ https://github.com/utmapp/UTM