https://www.linkedin.com/posts/patrick-wardle-34580581_as-always-ive-been-spelunking-around-macos-activity-7021564232227819520-4cGr?utm_source=share&utm_medium=member_desktop
As always, I’ve been spelunking around macOS. Stoked to have just released a new open-source tool: “DumpBTM”.
Being able to programmatically parse macOS’s proprietary BackgroundItems-v4.btm file (which contains records of all persistently installed items) is massively useful for detecting persistent Mac malware!
To read more, including full source (for your own macOS security tools), see: https://lnkd.in/gYH3KpqP
Vulnerability Research Digest - Issue 1 (macOS/iOS in 2022) – Blog – Random Security Research
sickcodes/Docker-OSX: Run macOS VM in a Docker! Run near native OSX-KVM in Docker! X11 Forwarding! CI/CD for OS X Security Research! Docker mac Containers.
parsdefense/ios-kernel-heap-profiler: iOS kernel heap memory profiler for sprayers
[In-Memory Execution in macOS: the Old and the New | Meta Red Team X](https://rtx.meta.security/post-exploitation/2022/12/19/In-Memory-Execution-in-macOS.html)