angelystor
/ add_debug_entitlement.sh
Created
May 11, 2022 06:56
— forked from talaviram/add_debug_entitlement.sh
Simple Utility Script for allowing debug of hardened macOS apps.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /bin/bash | |
| # Simple Utility Script for allowing debug of hardened macOS apps. | |
| # This is useful mostly for plug-in developer that would like keep developing without turning SIP off. | |
| # Credit for idea goes to (McMartin): https://forum.juce.com/t/apple-gatekeeper-notarised-distributables/29952/57?u=ttg | |
| # Update 2022-03-10: Based on Fabian's feedback, add capability to inject DYLD for sanitizers. | |
| # | |
| # Please note: | |
| # - Modern Logic (on M1s) uses `AUHostingService` which resides within the system thus not patchable and REQUIRES to turn-off SIP. | |
| # - Some hosts uses separate plug-in scanning or sandboxing. | |
| # if that's the case, it's required to patch those (if needed) and attach debugger to them instead. |
angelystor
/ inject.c
Created
March 27, 2022 10:40
— forked from knightsc/inject.c
An example of how to inject code to call dlopen and load a dylib into a remote mach task. Tested on 10.13.6 and 10.14.3
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <dlfcn.h> | |
| #include <stdio.h> | |
| #include <unistd.h> | |
| #include <sys/types.h> | |
| #include <mach/mach.h> | |
| #include <mach/error.h> | |
| #include <errno.h> | |
| #include <stdlib.h> | |
| #include <sys/sysctl.h> | |
| #include <sys/mman.h> |
angelystor
/ Get-InjectedThread.ps1
Created
April 30, 2020 02:35
— forked from jaredcatkinson/Get-InjectedThread.ps1
Code from "Taking Hunting to the Next Level: Hunting in Memory" presentation at SANS Threat Hunting Summit 2017 by Jared Atkinson and Joe Desimone
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| function Get-InjectedThread | |
| { | |
| <# | |
| .SYNOPSIS | |
| Looks for threads that were created as a result of code injection. | |
| .DESCRIPTION | |