awesome-apple-security

Apple Security Guide

A curated collection of resources and tools related to Apple security and forensics.

Curated list of tools, techniques and resources related to Apple security (macOS, iOS, iPadOS, tvOS, watchOS), intended to help people interested in Apple-related security topics get a foothold in the field, and to help professionals discover and explore other resources.


Awesome Apple Security List / Forensics / Acquisition and Evidence Collection

Cellebrite Digital Collector (formerly Macquisition) Commercial tooling for acquisition of macOS forensic images
mac_apt 781 about 1 month ago Plugin based forensics framework for quick mac triage that works on live machines, disk images or individual artifact files
Auditor 3,128 over 4 years ago Deprecated macOS DFIR tool for older systems
Collector 1,875 over 5 years ago macOS offshoot for live response
The ESF Playground A tool to view the events in Apple Endpoint Security Framework (ESF) in real time

Awesome Apple Security List / Apple Guidance

Developers Documentation Developer Documentation for reference
Security Documentation Security Documentation of Apple Products
Report Vulnerabilities In case you want to submit a vulnerability to Apple
Apple Security Bounty Apple's Bug Bounty Program information
Apple Platform Security Apple Information on Platform Security
Apple File System Documentation on the filesystem

Awesome Apple Security List / Attack Vectors and Adversary Techniques

MITRE ATT&CK - macOS Matrix Tools, Techniques and Attack Vectors used by adversaries to target macOS devices
Sandbox Evasion Macros How to evade the sandbox with MS Office Macros

Awesome Apple Security List / Blogs

Mac Security Blog Generic Blog on macOS Security
Wojciech Regula's Blog Wojciech's macOS Related blog
Cedric Owens Medium Blog Cedric Owens Blog on macOS Security
Objective-See by Patrick Wardle Patrick Wardle's Website
Mac4n6 Mac Forensics
Mandiant Mandiant macOS Articles

Awesome Apple Security List / Articles

RE Cocoa Applications -
Office365 Sandbox Escape Sandbox Escape macOS for Office365

Awesome Apple Security List / Books and Magazines

The Art of Mac Malware Primer on malware on macOS by Patrick Wardle
macOS Incident Response macOS Incident Response primer (2017)
Kernel Book Book in three parts about the macOS Kernel
macOS Internals Internals of macOS (2007)
Kernel Programming Kernel Programming reference for macOS / iOS
eForensics Magazine Magazine for (macOS) Forensics
iOS Forensics for Investigators iOS Forensics Book
iOS Hacking Guide By Security Innovation
iOS Application Security: The Definitive Guide for Hackers and Developers By David Thiel
iOS Penetration Testing: A Definitive Guide to iOS Security By Kunal Relan
Learning iOS Penetration Testing By Swaroop Yermalkar
Hacking and Securing iOS Applications By Jonathan Zdziarski
iOS Hacker's Handbook By Charlie Miller

Awesome Apple Security List / People

Cedric Owens X - macOS Security Researcher and Purple Teamer
Csaba Fitzl X - Hungarian Researcher specializing in macOS Security
Patrick Wardle X - Founder of Objective-See, and Security Researcher
Sarah Edwards X - Security Researcher and Trainer of SANS 518 Course
Cody Thomas GitHub - Developer of Mythic C2
Regula Wojciech X - macOS Security Researcher
Alexis Brignoni X - DFIR Researcher, iLEAPP Developer

Awesome Apple Security List / Software Collections

Macintosh Repository Repository of old macOS Software

Awesome Apple Security List / Malware

The Safe Mac Older macOS Malware Catalogue
VX-Underground Malware Collection (various OS)
VX-Underground Malware Source Code 15,853 about 1 month ago Malware source code collection (various OS)
Objective-See Malware 331 28 days ago Malware Collection by Patrick Wardle

Awesome Apple Security List / Hardware Information

Hardware Database Lookup hardware specifications of every mac model
M1 Chip Safe Mode Blogpost on M1 Chipset Safe Mode

Awesome Apple Security List / Log Analysis

Unified Log A primer on macOS Unified Log
Unified Log in Incident Response Using the Unified Log for Incident Response

Awesome Apple Security List / Processes

True Tree Improved process tree
Process and File Monitor Command Line Utilit(ies) to monitor processes and files

Awesome Apple Security List / Persistence

Persistence Samples Collection of persistence methods and samples used
Knockknock Displays persistence items in macOS
PersistentJXA 261 over 1 year ago Collection of macOS persistence methods in JXA
Apple Persistence Mechanisms Persistence Mechanisms

Awesome Apple Security List / Tools / Process Viewer

Process Tree 781 about 1 month ago Process tree Repository

Awesome Apple Security List / Tools / File System

iOS FS Event Parser 236 8 months ago Parsing filesystem events
FS Monitor FS Monitor to view live file system changes
macOS FS Events Parser 26 7 months ago FS Events Parser

Awesome Apple Security List / Tools / Offensive Tools

Mythic C2 Mythic C2 Framework Documentation
VOODOO 39 over 2 years ago Browser Attack Framework for macOS
SwiftSpy 78 about 3 years ago macOS keylogger written in Swift

Awesome Apple Security List / Tools / Reverse Engineering Tools

Hopper A reverse engineering tool that will assist you in your static analysis of executable files
Ghidra 51,809 6 days ago A software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate
Radare2 20,705 6 days ago UNIX-like reverse engineering framework and command-line toolset
Cutter 15,882 11 days ago Free and Open Source Reverse Engineering Platform powered by rizin
frida-ios-dump 3,429 over 1 year ago A tool to pull a decrypted IPA from a jailbroken device
bagbak 1,235 about 2 months ago Yet another frida based App decryptor. Requires jailbroken iOS device and frida.re
flexdecrypt 675 over 1 year ago An iOS App & Mach-O binary decryptor
bfdecrypt 442 over 4 years ago Utility to decrypt App Store apps on jailbroken iOS 11.x
bfinject 624 over 2 years ago Easy dylib injection for jailbroken 64-bit iOS 11.0 - 11.1.2. Compatible with Electra and LiberiOS jailbreaks
r2flutch 167 over 2 years ago Yet another tool to decrypt iOS apps using r2frida
Clutch 3,706 6 days ago A high-speed iOS decryption tool
dsdump 1,127 10 months ago An improved nm + objc/swift class-dump tool
class-dump 3,409 over 2 years ago A command-line utility for examining the Objective-C segment of Mach-O files
SwiftDump 400 over 1 year ago A command-line tool for retrieving the Swift Object info from Mach-O file
jtool An app inspector, disassembler, and signing utility for macOS and iOS
Sideloadly An app to sideload your favorite games and apps to Jailbroken & Non-Jailbroken iOS devices
Cydia Impactor A GUI tool for sideloading iOS applications
AltStore Allows sideloading other apps (.ipa files) onto an iOS device
iOS App Signer 5,655 17 days ago An app for macOS that can (re)sign apps and bundle them into ipa files that are ready to be installed on an iOS device

Awesome Apple Security List / Tools / Dynamic Analysis Tools

Corellium The only platform offering ARM-based mobile device virtualization using a custom-built hypervisor for real-world accuracy and high performance
Frida 16,220 8 days ago Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers
frida-gum 756 8 days ago Cross-platform instrumentation and introspection library written in C
Fridax 163 over 1 year ago Fridax enables you to read variables and intercept/hook functions in Xamarin/Mono JIT and AOT compiled iOS/Android applications
r2frida 1,188 10 days ago Radare2 and Frida better together
r2ghidra 350 13 days ago An integration of the Ghidra decompiler for radare2
iproxy 602 30 days ago A utility that allows binding local TCP ports so that a connection to one (or more) of the local ports will be forwarded to the specified port (or ports) on a usbmux device
itunnel Use to forward SSH via USB
objection 7,551 2 months ago A runtime mobile exploration toolkit, powered by Frida, built to help you assess the security posture of your mobile applications, without needing a jailbreak
Grapefruit 814 26 days ago Runtime Application Instruments for iOS
Passionfruit 1,667 about 3 years ago Simple iOS app blackbox assessment tool, powered by frida 12.x and vuejs
Runtime Mobile Security (RMS) 2,633 about 2 months ago Runtime Mobile Security (RMS), powered by FRIDA, is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime
membuddy Dynamic memory analysis & visualisation tool for security researchers
unidbg 3,883 9 days ago Allows you to emulate an Android ARM32 and/or ARM64 native library, and an experimental iOS emulation
Qiling 5,158 about 1 month ago An advanced binary emulation framework
fishhook 5,202 4 months ago A library that enables dynamically rebinding symbols in Mach-O binaries running on iOS
Dwarf 1,277 6 months ago Full featured multi arch/os debugger built on top of PyQt5 and frida
FridaHookSwiftAlamofire 96 almost 2 years ago A Frida tool that captures GET/POST HTTP requests of the iOS Swift library 'Alamofire' and disables SSL Pinning
ios-deploy 3,415 5 months ago Install and debug iOS apps from the command line. Designed to work on un-jailbroken devices
aah 170 over 4 years ago Run iOS arm64 binaries on x86_64 macOS, with varying degrees of success
LLDB A next generation, high-performance debugger
mitmproxy A free and open source interactive HTTPS proxy
Burp Suite An advanced HTTPS proxy software

Awesome Apple Security List / Tools / Static Analysis Tools

iLEAPP 750 6 days ago An iOS Logs, Events, And Plist Parser
Keychain Dumper 1,344 3 months ago A tool to check which keychain items are available to an attacker once an iOS device has been jailbroken
BinaryCookieReader 94 about 2 months ago A tool to read the binarycookie format of Cookies on iOS applications
PList Viewer 19 over 9 years ago Gtk application to view property list files
XMachOViewer 802 6 days ago A Mach-O viewer for Windows, Linux and macOS
MachO-Explorer 645 about 4 years ago A graphical Mach-O viewer for macOS. Powered by Mach-O Kit
iFunbox A general file management software for iPhone and other Apple products
3uTools An All-in-One management software for iOS devices
iTools An All-in-One solution for iOS devices management

Awesome Apple Security List / Tools / Frida

FridaSwiftDump 83 over 1 year ago A Frida script for retrieving the Swift Object info from a running app
iOS 13 SSL Bypass SSL Pinning Bypass for iOS 13
iOS 12 SSL Bypass SSL Pinning Bypass for iOS 12
iOS Jailbreak Detection Bypass A Frida script used to bypass iOS jailbreak detection by hooking some methods and functions
iOS App Static Analysis Script for iOS app's static analysis
Touch ID Bypass A Frida script for iOS Touch/Face ID Bypass

Awesome Apple Security List / Conferences

MacDevOps YVR
OBTS

Awesome Apple Security List / Trainings

OffSec EXP-312 Advanced macOS Control Bypass Training by OffSec's @theevilbit
Sumuri Forensics Training in two parts for macOS, to gain Certified Forensic Mac Examiner Certification
SANS 518 Course at SANS for macOS and iOS Forensics
Objective-by-the-sea Security Conference (macOS) organized by Patrick Wardle
SpecterOPS SPECTEROPS macOS Adversary Tactics
Pentesting iOS Applications By PentesterAcademy
iOS Pentesting By Mantis
iOS Application Pentesting Series By Sateesh Verma
IOS: Penetration Testing By Noisy Hacker

Awesome Apple Security List / Videos

Curated YouTube Playlist Curated YouTube playlist with macOS/iOS Security Topics
