impost0r's repositories
Rotten-Apples
macOS codesigning translocation vulnerability.
suspend-shim
macOS shim to spawn suspended processes w/ ASLR disabled
ida_bitfields_macOS
IDA Pro plugin to make bitfield accesses easier to grep
SigMaker-x64
IDA Pro 7 compatible SigMaker plugin
argv_clobber
Clobber argv into a null terminator, thus confusing ps. Can be used with prctl to achieve more stealth.
bagbak
Yet another Frida-based iOS dumpdecrypted; supports decrypting app extensions and no SSH required
cascade
A thin introspection hypervisor framework that allows for low level resource manipulation.
CVE-2021-44186
A download of code without integrity check vulnerability in the "execute restore src-vis" command of FortiOS before 7.0.3.
debugoff
Linux/macOS anti-debugging and anti-analysis Rust library
emmutaler
A set of tools for fuzzing SecureROM. Managed to find and trigger checkm8.
FIDL
A sane API for IDA Pro's decompiler. Useful for malware RE and vulnerability research
FitM
FitM, the Fuzzer in the Middle, can fuzz client and server binaries at the same time using userspace snapshot-fuzzing and network emulation. It's fast and comparably easy to set up.
HookCase
Tool for reverse engineering macOS/OS X
kmemd
Explore a live Linux kernel's memory using GDB
lolhanndead
Mirror of the "LOL HANN DEAD" e-zine by el8/Silverlords
macOS-hasher
Take hashes of files before and after an update to diff them with your favorite diffing tool. Generated by ChatGPT (seriously).
ramiel
UEFI diskless persistence technique + OVMF Secure Boot bypass
reverie
An ergonomic and safe syscall interception framework for Linux.
semgrep-rules
A collection of my Semgrep rules to facilitate vulnerability research.
srd
Welcome to Hoyt's SRD Repo for the Apple Security Research Device. Contribute Code or Open an Issue or Discussion.
super-tart
tart, but with custom AVPBooter ROM, serial I/O, DFU mode, GDB debugging (port 8000), and panic halting. See help menus for `tart create` and `tart run` for more info. Requires SIP/AMFI to be disabled for required entitlement.
tsffs
A snapshotting, coverage-guided fuzzer for software (UEFI, Kernel, firmware, BIOS) built on SIMICS
warbird-hook
Using Microsoft Warbird to automatically unpack and execute encrypted shellcode in ClipSp.sys without triggering PatchGuard
yolo_dsc
A late bound, hope-for-the-best dyld shared cache extractor