Cedric Owens's repositories
Swift-Attack
Unit tests for blue teams to aid with building detections for some common macOS post exploitation methods.
EntitlementCheck
Scripts (Python3 and Swift) for macOS to recursively check /Applications and also check /usr/local/bin, /usr/bin, and /usr/sbin for binaries with problematic/interesting entitlements. Also checks whether the hardened runtime is enabled.
Inject_Dylib
Swift code to programmatically perform dylib injection
SwiftBelt-JXA
JXA implementation of some SwiftBelt functions. Author: Cedric Owens
Spotlight-Enum-Kit
JXA and Swift code that can perform some macOS situational awareness without generating TCC prompts.
Presentations
Collection of Slides From My Conference Talks
docker-arsenal
Spins up a Docker container with several useful tools for offensive security in macOS/cloud environments. Also installs the needed dependencies for each tool/utility during Docker setup.
Helpful_aws-scripts
Python3 scripts to help with AWS triage needs.
Dylib_Runner
Swift code to run a dylib on disk
Gitlab-Searcher
Python3 script that pulls GitLab data of interest using a GitLab personal access token.
HELK-automation
Scripts to automate HELK server standup in DigitalOcean and Filebeat setup on macOS, to help automate sending endpoint security logs from macOS hosts into HELK for building detection content.
ioreg-and-sysctl-examples
Examples of programmatically interacting with ioreg and sysctl to query system info
JXA-Firefox
JXA Scripts for extracting data from Firefox
zshrc-persist-JXA
JXA script to add a Mach-O binary to ~/.zshrc for persistence.
LocalAdminChecker
Threaded C# code that uses wmic to quickly check a host's /24 subnet for other hosts the current user has local admin access to. Author: Cedric Owens
okta-sprayer
Python3 script to perform a password spray against an Okta instance.
dns-TXT-exfil-test
Simple client/server in Go to help with testing data exfiltration detections over DNS TXT records.
chromedp-remotedebugger-example
An example of how to use chromedp to run headless Chrome with the remote debugger port programmatically (it is still a wrapper around the Chrome binary).
JenkinsHunter
Python3 script that searches a network range for instances of unauthenticated Jenkins hosts. Author: Cedric Owens
modified-tcc-clickjack
Modified version of Ron Masas's TCC-Clickjack Swift project.
ForgeArmory
ForgeArmory provides TTPs that can be used with the TTPForge (https://github.com/facebookincubator/ttpforge).
objc_rust
Simple example of running JXA code from Rust.