Knockknock
A free, open-source tool that uncovers persistently installed software on macOS, helping to generically reveal malware.
Yet another code injection library for OS X. $ git clone --recursive https://github.com/rodionovd/task_vaccine.git task_vaccine $ cd ./task_vaccine $ rake test $ rake build # will build an x86_64 dynamic library and place it into ./build/x86_64 #include "task_vaccine.h" task_t target = ...; int err = task_vaccine(target, "./payload0.dylib"); if (err != KERN_SUCCESS) { fprintf(stderr, "task_vaccine() failed with error: %d\n", err); } see Usage for details. Why should I use this thing instead of mach_inject? Well, for a couple of reasons actually: mach_inject's codebase is old and it hasn't been updated for a while. You can not inject i386 targets from x86_64 hosts and vice versa using mach_inject, so you should use two different injectors. With task_vaccine you can actually do it. I have automated tests 🚦 How it works: Pretty straightforward, see: At first, we create a new thread inside a target task (process) and execute _pthread_set_self() function on it. We can only create a raw Mach thread inside a target task. But many functions (such as dlopen()) rely on pthread stuff (locks, etc), so we have to initialize a pthread first and only then execute dlopen() for lo
A free, open-source tool that uncovers persistently installed software on macOS, helping to generically reveal malware.
A simple ransomware protection that intercepts and kills malicious processes attempting to delete shadow copies using vssadmin.exe.
A free endpoint security tool for host investigative capabilities to find signs of malicious activity through memory and file analysis.
Symantec Enterprise Cloud provides comprehensive cybersecurity for large enterprises, with a focus on data-centric hybrid security and innovation in threat and data protection.
Cortex XDR is a comprehensive endpoint security solution that blocks advanced attacks with behavioral threat protection, AI, and cloud-based analysis, and provides complete endpoint security and lightning-fast investigation and response.
A collection of utilities for working with USB devices on Linux