pwnorz pwn0rz
imbushuo
/ simplevm.c
Last active
March 20, 2025 05:02
Demonstrates Hypervisor.Framework usage in Apple Silicon
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // simplevm.c: demonstrates Hypervisor.Framework usage in Apple Silicon | |
| // Based on the work by @zhuowei | |
| // @imbushuo - Nov 2020 | |
| // To build: | |
| // Prepare the entitlement with BOTH com.apple.security.hypervisor and com.apple.vm.networking WHEN SIP IS OFF | |
| // Prepare the entitlement com.apple.security.hypervisor and NO com.apple.vm.networking WHEN SIP IS ON | |
| // ^ Per @never_released, tested on 11.0.1, idk why | |
| // clang -o simplevm -O2 -framework Hypervisor -mmacosx-version-min=11.0 simplevm.c | |
| // codesign --entitlements simplevm.entitlements --force -s - simplevm |
saagarjha
/ CreateGhidraApp.sh
Last active
April 2, 2025 09:00
Creates a Ghidra.app bundle for macOS
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| set -eu | |
| create_iconset() { | |
| mkdir -p Ghidra.iconset | |
| cat << EOF > Ghidra.iconset/Contents.json | |
| { | |
| "images": | |
| [ |
jakeajames
/ exploit.c
Last active
April 9, 2022 04:10
leak address of segment_list in oob_timestamp
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // | |
| // exploit.c | |
| // extra_time | |
| // | |
| // Created by Jake James on 2/8/20. | |
| // Copyright © 2020 Jake James. All rights reserved. | |
| // | |
| #include "exploit.h" | |
| #include "IOAccelerator_stuff.h" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <dlfcn.h> | |
| #include <stdio.h> | |
| #include <unistd.h> | |
| #include <sys/types.h> | |
| #include <mach/mach.h> | |
| #include <mach/error.h> | |
| #include <errno.h> | |
| #include <stdlib.h> | |
| #include <sys/sysctl.h> | |
| #include <sys/mman.h> |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // Moved here: https://github.com/Siguza/misc/blob/master/dsc_syms.c |
pedramamini
/ XProtect.yara
Created
October 19, 2017 20:18
Apple OSX built in file defense is powered by YARA: /System/Library/CoreServices/XProtect.bundle/Contents/Resources
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import "hash" | |
| private rule Macho | |
| { | |
| meta: | |
| description = "private rule to match Mach-O binaries" | |
| condition: | |
| uint32(0) == 0xfeedface or uint32(0) == 0xcefaedfe or uint32(0) == 0xfeedfacf or uint32(0) == 0xcffaedfe or uint32(0) == 0xcafebabe or uint32(0) == 0xbebafeca | |
| } |
alexprivalov
/ Revisiting Mac OS X Kernel Rootkits
Created
August 7, 2015 11:04
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Title : Revisiting Mac OS X Kernel Rootkits | |
| Author : fG! | |
| Date : April 18, 2014 | |
| |=----------------------------------------------------------------------------=| | |
| |=----------------=[ Revisiting Mac OS X Kernel Rootkits ]=-------------------=| | |
| |=----------------------------------------------------------------------------=| | |
| |=------------------------=[ fG! <[email protected]> ]=---------------------------=| | |
| |=----------------------------------------------------------------------------=| |