Cody Thomas's repositories
offensive_macos
Tracking of offensive macOS tooling, blogs, and related helpful information
HealthInspector
JXA situational awareness helper that works by simply reading specific files on a filesystem
macos_execute_from_memory
PoC of Mach-O loading from memory
KeytabParser
Python script to parse Keytab files for macOS or *nix (typically /etc/krb5.keytab)
dylibHijackScanner
Objective-C dylibHijackScanner and analysis tool
macos-popups
Catalog Red Team techniques that cause popups in various macOS versions
macOSCameraCapture
Simple CLI utility to save off an image from every webcam hooked into a Mac
CursedChrome
Chrome-extension implant that turns victim Chrome browsers into fully-functional HTTP proxies, allowing you to browse sites as your victims.
TCC-ClickJacking
A proof of concept for a clickjacking attack on macOS.
chronology
SpecterOps Historical Records
electroniz3r
Take over macOS Electron apps' TCC permissions
JXA_Proc_Tree
A JXA script for enumerating running processes, printed out as a JSON parent-child tree.
KnockKnock
Enumerate persistently installed software
PrintTCCdb
JXA script for Mythic that prints the TCC.db
SwiftInMemoryLoading
Swift implementation of in-memory Mach-O loading on macOS
cobalt_sync
Standalone Cobalt Strike operation logging Aggressor script for Ghostwriter 2.0+
macos_shell_memory
Execute Mach-O binaries in memory using CGo