Abertay Ethical Hacking Society

MacOS


Last updated 3 years ago


Intro/links/basics

  • A basic intro

  • Security & Privacy Guide

  • Awesome commands like default TextEdit to plain text

  • launchd.info “A launchd Tutorial”

Apple Documentation

  • Security updates list

  • WWDC Privacy and Security sessions (Videos)

General

iCloud

  • Adding .nosync to the end of a folder in iCloud Drive stops it being synced (via @jimconacher).

.zshprofile

macOS Catalina and later ship with zsh as the default shell.

  • Moving to Zsh - Armin Briegel

.hushlogin

Add a .hushlogin file to the directory your terminal starts in to suppress the Last login: message at the top of your terminal.

touch .hushlogin

Lock Screen

Change Key Combo

Go to System Preferences > Keyboard > Shortcuts > App Shortcuts

Click + to add a new one called Lock Screen and set the key combo (e.g. ⌥⌘+L)

Stop Wifi Dropping on Screen Lock

cd /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/
sudo ./airport en0 prefs DisconnectOnLogout=NO

Disk Images

  • Understanding DMG Files

  • Sparse Bundles Defined

Random

  • How to Fix Slow SMB File Transfers on OS X - Dan Roncadin

Homebrew

Homebrew (brew) is a package manager for macOS akin to the Advanced Package Tool (apt) on Debian and Ubuntu.

Taps

Taps are third party repositories for Homebrew.

  • sidaf/homebrew-pentest - “penetration testing related tools”

Example

If you run brew tap sidaf/homebrew-pentest you'll be able to install any formulae from the sidaf/homebrew-pentest repository via brew install. brew install panoptic will search the default Homebrew repository, then any tapped repositories, for a formula with the name panoptic.

Python

As of Homebrew 1.5.0, brew install python installs python3.x, not python2.7.x. This was not PEP 394 compliant, as running python would execute the python3.x binary, which violates “all distributions should ensure that python refers to the same target as python2”.

This was fixed in 1.6.0. brew install python still installs python3.x but will not symlink python to the python3.x binary. Running python will execute the system python2.7.x binary and running python3 will execute the brew python3.x binary.

See Homebrew and Python for more info.

Upgrading Packages

By default Homebrew does not automatically update itself or installed packages. To manually update Homebrew and upgrade all installed packages run:

  1. brew update (Update the formulae and Homebrew itself)

  2. brew upgrade (Upgrade all packages installed by Homebrew)

By default, Homebrew does not uninstall old versions of formulae. From time to time you'll want to run brew cleanup to remove old versions of formulae.

See FAQ for more info.

Virtualisation

VMWare Fusion

We get VMWare Fusion free from VMWare DreamSpark. Used by most mac wankers on the course. Would recommend over all other virtualisation programs for Mac.

Currently does not work with M1 Macs.

Parallels

  • Parallels

Apps

General

  • Amphetamine (App Store) - This app keeps your Mac awake for a set period of time, whilst an app is running, and much more.

  • The Unarchiver (App Store) - Open any archive in seconds

  • Rocket - Slack-style emoji picker for your Mac

  • Texpad - Native Mac OS app with efficient LaTeX environment

  • DiskMaker X - Build an OS X boot disk

  • BitBar - Put anything in your menu bar

  • DiscreteScroll - Stop the annoying mouse acceleration when scrolling in macOS

Programming

For general information see Programming. This section lists macOS specific tools.

  • Xcode (App Store) - Apple's own IDE. Best for C, C++ and Objective-C.

  • Quiver (App Store) - notebook built for programmers

  • Dash - offline access to 200+ API documentation sets

Security/ Privacy

  • 1Password (App Store) - Apple device focused password manager

  • Little Snitch - Application firewall

  • GPGTools/ GPG Suite - “Use GPG Suite to encrypt, decrypt, sign and verify files or messages”

  • Privileges.app - “providing a quick and easy way to get administrator rights when needed”

Objective-See

Objective-See was created by Patrick Wardle to provide simple, effective and free macOS security tools. Some of his most useful tools are listed below.

  • BlockBlock (Beta) - Alerts when something is persistently installed

  • OverSight - Monitors and alerts on mic and webcam access

  • LuLu - Open-source application firewall

  • What's Your Sign? - Adds a menu item to Finder.app to view the cryptographic signature of files

Touch Bar

  • HapticKey - “trigger haptic feedback when tapping Touch Bar”

Research

  • Papers, Slides and Thesis Archive - osxreverser

  • osx-security-awesome - “collection of OSX and iOS security resources”

  • mac-white-papers - "Every OS X/ macOS white paper"

Blogs

  • The Eclectic Light Company - Howard Oakley (Security, General)

  • mac4n6 - Sarah Edwards (Forensics)

  • Objective-See - Patrick Wardle (Security)

  • derflounder - Rich Trouton (General, Security)

  • theevilbit - Csaba Fitzl (Security)

Talks

Older

  • Thunderstrike: EFI bootkits for Apple MacBooks - Trammell Hudson (31c3) - Annotated Slides

  • De Mysteriis Dom Jobsivs: Mac EFI Rootkits - snare (Black Hat 2012) - Slides

2015

  • Stick That In Your (root)Pipe & Smoke It - Patrick Wardle (Ekoparty 2015)

  • ThunderStrike 2: Sith Strike - Xeno Kovah (HITBGSEC 2015) - Slides

  • ThunderStrike 2: Sith Strike - Trammell Hudson, Xeno Kovah & Corey Kallenberg (Black Hat 2015) - Annotated Slides

  • DLL Hijacking on OS X - Patrick Wardle (DEFCON 23) - Slides

2016

  • The Apple Sandbox: Deeper Into The Quagmire - Jonathan Levin (HITBGSEC 2016) - Slides

  • I've got 99 Problems, but LittleSnitch ain't one - Patrick Wardle (DEFCON 24) - Slides

  • Thunderstrike 2 - Trammell Hudson (CITP Princeton)

2017

  • The Apple of your EFI - Rich Smith and Pepijn Bruienne (Ekoparty 2017)

  • Oversight: Exposing Spies On MacOS - Patrick Wardle (HITBAMS 2017)

2018

  • A Deep Dive into macOS MDM - Jesse Endahl & Max Bélanger (Black Hat 2018) - Slides

  • Fire & Ice: Making and Breaking macOS Firewalls - Patrick Wardle (Black Hat 2018) - Slides

  • The Mouse is Mightier than the Sword - Patrick Wardle (DEFCON 26) - Slides

Slides

  • The Apple Sandbox - Dionysus Blazakis (No video)

  • OS X El Capitan sinking the S\H/IP - Stefan Esser (No video)

  • Code Signing – Hashed Out - Jonathan Levin (No video)

Articles

  • The Evolution of Mac OS X Security and Privacy Features - Joshua Long (Intego Mac Security Blog)

  • Booting Secure - Michael Lynn, On Mac Secure Boot

  • Apple iMac Pro and Secure Storage - Pepijn Bruienne (Duo Blog)

  • Bypass macOS rootless by sandboxing - CodeColorist

  • Creating signed and customized backdoored macOS applications - Adam Toscher

  • Leveraging Emond on macOS For Persistence - Christopher Ross (SpecterOps)

  • macOS 10.13.1 insecure cron system - Mark Wadham

  • Load & Execute Bundles with migrationTool - Christopher Ross (SpecterOps)

  • MacOS monitoring the open source way - Michael George (Dropbox Blog)

  • Little Snitch Detection in Malware - bitsrot

  • A useless analysis of macOS (OS X) release dates - Rob Griffiths

  • Encrypting for Apple's Secure Enclave - David Schuetz

  • The Empire Strikes Back Apple - osxreverser

  • macOS FileVault2 Password Retrieval - Ulf Frisk

  • Escaping the Sandbox – MS Office on MacOS - MDSec

  • task_t considered harmful - Ian Beer (Project Zero Blog)

  • Reverse Engineering macOS High Sierra Supplemental Update - Daniel Martín

  • Password Cracking AES-256 DMGs and Epic Self-Pwnage - Jeremiah Grossman

  • The Apple of Your EFI: Mac Firmware Security Research - Rich Smith and Pepijn Bruienne (Duo Blog)

Papers

  • The Apple Sandbox - Dionysus Blazakis (2011)

  • De Mysteriis Dom Jobsivs: Mac EFI Rootkits - snare (2012)

  • Dylib hijacking on OS X - Patrick Wardle (2015)

  • A Deep Dive into macOS MDM - Jesse Endahl & Max Bélanger (2018)

Forensics

  • Detection of Backdating the System Clock in macOS - Igor Mikhaylov

  • How to mount Mac APFS images in Windows - Mari Degrazia

  • Mounting an APFS image in Linux - Mari Degrazia

  • I Know What You Did Last Month: A New Artifact of Execution on macOS 10.13 - Kshitij Kumar and Jai Musunuri (CrowdStrike Blog)

  • Introducing Unified Logging - Sarah Edwards

Exploits

  • DYLD_ROOT_PATH vulnerability (10.10.5)

  • task_t considered harmful - Ian Beer (10.11.5) (10.12)

Books

  • Mac OS X Internals: A Systems Approach - Amit Singh (2006)

  • The Mac Hacker's Handbook (https://www.wiley.com/en-us/The+Mac+Hacker's+Handbook-p-9780470395363) - Charlie Miller and Dino Dai Zovi (Amazon) (2009)

  • Mac OS X and iOS Internals - Jonathan Levin (Amazon) (Legit PDF) (2012)

MacOS and iOS Internals (Levin)

  • MacOS and iOS Internals, Volume I - User Mode - Jonathan Levin (Amazon) (2017)

  • MacOS and iOS Internals, Volume III: Security & Insecurity - Jonathan Levin (Amazon) (2016)