- Portland, OR
- @stuartjash
Stars
A binary and file access authorization system for macOS.
Living Off the Orchard: macOS Binaries (LOOBins) is designed to provide detailed information on various built-in "living off the land" macOS binaries and how they can be used by threat actors for m…
A Binary Ninja plugin for analyzing XProtect Remediator binaries.
A collection of scripts and documents to help future XProtect Remediator (XPR) research
A cross platform parser for Apple UnifiedLogs!
This is a little plugin to copy disassembly in a way that is usable in YARA rules!
A handy shell script that enables you to write repeatable demos in a bash environment.
Extracted Yara rules from Windows Defender mpavbase and mpasbase
Mapping XProtect's obfuscated malware family names to common industry names.
stuartjash / aftermath
Forked from jamf/aftermath
Aftermath is a free macOS incident response framework
Phorion Kronos is a macOS security tool designed to enhance Apple's Transparency Consent and Control (TCC) security and privacy mechanism.
machofile is a module to parse Mach-O binary files
A ruleset to find potentially malicious code in macOS malware samples
Custom Visual Studio Code Icons
An osquery extension for endpoint engineers
"The missing ProcMon for macOS": Mac Monitor records Endpoint Security events and displays them for analysis.
Freyja is a Golang, Purple Team agent that compiles into Windows, Linux and macOS x64 executables.
A Mac utility that automatically downloads macOS Firmwares / Installers.