Share
## https://sploitus.com/exploit?id=994E0D55-FA8B-5F12-B986-C4988760BDD8
# Mac&IOS HackStudy
# Mac&IOS安全学习资料汇总
# Mac&IOS安全学习网站收集:
http://samdmarshall.com   
https://www.exploit-db.com  
https://reverse.put.as  
http://highaltitudehacks.com/security/  
http://www.dllhook.com/  
http://www.securitylearn.net/archives/  
http://securitycompass.github.io/iPhoneLabs/index.html  
http://security.ios-wiki.com  
http://www.opensecuritytraining.info/IntroARM.html  
https://truesecdev.wordpress.com/  
http://resources.infosecinstitute.com/ios-application-security-part-1-setting-up-a-mobile-pentesting-platform/  
http://esoftmobile.com/2014/02/14/ios-security/  
http://bbs.iosre.com  
http://bbs.chinapyg.com  
http://blog.pangu.io/   
http://yonsm.net/  
http://nianxi.net/  
http://cocoahuke.com/  
https://blog.0xbbc.com  
http://blog.imaou.com/  
https://github.com/pandazheng/iOSAppReverseEngineering  
http://drops.wooyun.org  
http://bbs.pediy.com  
http://www.blogfshare.com/  
https://github.com/michalmalik/osx-re-101  
http://blog.qwertyoruiop.com/  
https://github.com/secmobi/wiki.secmobi.com  
http://contagioexchange.blogspot.com/  
http://contagiominidump.blogspot.com/  
https://github.com/secmobi  
https://www.owasp.org/index.php/OWASP_Mobile_Security_Project#tab=Guide_Development_Project  
http://blog.dornea.nu/2014/10/29/howto-ios-apps-static-analysis/  
http://www.dllhook.com/post/58.html  
http://thexploit.com/category/secdev/  
https://github.com/secmobi/wiki.secmobi.com  
https://github.com/mdsecresearch  
http://sectools.org/tag/os-x/  
http://googleprojectzero.blogspot.com/  
http://googleprojectzero.blogspot.com/2014/10/more-mac-os-x-and-iphone-sandbox.html  
http://www.macexploit.com/  
https://code.google.com/p/google-security-research/issues/list?can=1&q=iOS&sort=-id&colspec=ID%20Type%20Status%20Priority%20Milestone%20Owner%20Summary  
https://code.google.com/p/google-security-research/issues/list?can=1&q=OSX&sort=-id&colspec=ID+Type+Status+Priority+Milestone+Owner+Summary&cells=tiles  
http://googleprojectzero.blogspot.com/2014/11/pwn4fun-spring-2014-safari-part-ii.html  
https://www.blackhat.com/docs/us-15/materials/us-15-Lei-Optimized-Fuzzing-IOKit-In-iOS-wp.pdf  
https://www.youtube.com/watch?v=rxUgw5bEG3Y  
https://www.theiphonewiki.com/wiki/Firmware  
http://www.trustedbsd.org/mac.html  
http://googleprojectzero.blogspot.com/2014/10/more-mac-os-x-and-iphone-sandbox.html  
https://code.google.com/p/google-security-research/issues/list?can=1&q=OSX&sort=-id&colspec=ID+Type+Status+Priority+Milestone+Owner+Summary&cells=tiles  
https://support.apple.com/zh-cn/HT205731  
https://www.apple.com/support/security/  
http://opensource.apple.com/tarballs/  
https://mobile-security.zeef.com/oguzhan.topgu  
http://www.powerofcommunity.net  
http://cn.0day.today/exploits  
https://recon.cx/2016/training/trainingios-osx.html  
https://www.exploit-db.com/osx-rop-exploits-evocam-case-study/  
https://www.offensive-security.com/vulndev/evocam-remote-buffer-overflow-on-osx/  
https://www.yumpu.com/en/document/view/7010924/ios-kernel-heap-armageddon  
http://contagiodump.blogspot.com/  
http://www.dllhook.com/post/138.html  
http://shell-storm.org/blog/Return-Oriented-Programming-and-ROPgadget-tool/  
https://medium.com/@harryworld/100-days-of-osx-development-e61591fcb8c8#.vxyuyse12  
http://www.poboke.com/study/reverse  
https://www.offensive-security.com/vulndev/evocam-remote-buffer-overflow-on-osx/  
https://www.exploit-db.com/osx-rop-exploits-evocam-case-study/  
http://phrack.org/issues/69/1.html    
https://www.exploit-db.com/docs/28479.pdf  
https://speakerdeck.com/milkmix/ios-malware-myth-or-reality  
https://bbs.pediy.com/thread-223117.htm  



# Mac&IOS安全优秀博客文章
http://datatheorem.github.io/TrustKit/  
http://ho.ax/posts/2012/02/resolving-kernel-symbols/  
http://www.securitylearn.net/tag/pentesting-ios-apps/  
https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x/  
https://github.com/secmobi/wiki.secmobi.com  
http://bbs.iosre.com/t/debugserver-lldb-gdb/65  
http://bbs.pediy.com/showthread.php?t=193859  
http://bbs.pediy.com/showthread.php?t=192657&viewgoodnees=1&prefixid=  
http://blog.darkrainfall.org/2013/01/os-x-internals/  
http://dvlabs.tippingpoint.com/blog/2009/03/06/reverse-engineering-iphone-appstore-binaries  
http://drops.wooyun.org/papers/5309  
http://www.blogfshare.com/category/ios-secure  
https://www.safaribooksonline.com/library/view/hacking-and-securing/9781449325213/ch08s04.html  
http://soundly.me/osx-injection-override-tutorial-hello-world/  
https://nadavrub.wordpress.com/2015/07/23/injecting-code-to-an-ios-appstore-app/  
http://blog.dewhurstsecurity.com/  
https://github.com/project-imas  
https://github.com/iSECPartners  
https://www.nowsecure.com/blog/  
http://lightbulbone.com/  
http://www.tanhao.me/pieces/1515.html/  
http://dongaxis.github.io/  
https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x/  
https://blog.xpnsec.com/restoring-dyld-memory-loading/  
https://blog.xpnsec.com/building-a-mach-o-memory-loader-part-1/

# Mac&IOS技术研究文章
源码级调试的XNU内核  
https://bbs.ichunqiu.com/thread-48301-1-1.html  
Armor:一款功能强大的macOS Payload加密工具,可绕过大部分AV  
https://www.freebuf.com/sectool/190620.html  
使用radare2逆向iOS Swift应用程序  
https://www.freebuf.com/articles/terminal/191595.html  
Debugging macOS Kernel For Fun  
https://geosn0w.github.io/Debugging-macOS-Kernel-For-Fun/  
MacMalware_2018  
https://objective-see.com/downloads/MacMalware_2018.pdf  
The best of OpenSource.Apple.Com for iOS  
http://newosxbook.com/tools/iOSBinaries.html  
FortiAppMonitor:用于监控macOS上的系统活动的强大工具  
https://www.freebuf.com/sectool/193258.html  
Introduction to macOS - Gatekeeper  
https://github.com/yo-yo-yo-jbo/macos_gatekeeper  
Introduction to macOS - the App sandbox  
https://github.com/yo-yo-yo-jbo/macos_sandbox  
Introduction to macOS - macOS App structure  
https://github.com/yo-yo-yo-jbo/macos_app_structure  
monitor macOS for malicious activity  
https://github.com/droe/xnumon  
Building a Custom Mach-O Memory Loader for macOS - Part 1  
https://blog.xpnsec.com/building-a-mach-o-memory-loader-part-1/  
Restoring Dyld Memory Loading  
https://blog.xpnsec.com/restoring-dyld-memory-loading/  
Ios App Extraction & Analysis  
https://datalocaltmp.github.io/ios-app-extraction-analysis.html  
MacOS Forensics DIY Style    
https://aboutyou.tech/blog/macos-forensics-diy-style-3369868505dd/




# Mac&IOS安全优秀GitHub
Contains all example codes for O'Reilly's iOS 9 Swift Programming Cookbook   
https://github.com/vandadnp/iOS-9-Swift-Programming-Cookbook  
XCodeGhost清除脚本  
https://github.com/pandazheng/XCodeGhost-Clean  
Apple OS X ROOT提权API后门  
https://github.com/tihmstar/rootpipe_exploit  
Effortless and universal SSL pinning for iOS and OS X  
https://github.com/datatheorem/TrustKit  
Patch PE, ELF, Mach-O binaries with shellcode  
https://github.com/secretsquirrel/the-backdoor-factory  
iReSign allows iDevice app bundles (.ipa) files to be signed or resigned with a digital certificate from Apple for distribution  
https://github.com/maciekish/iReSign  
A Mach-O Load Command deobfuscator  
https://github.com/x43x61x69/Mach-O-Prettifier  
Dylib插入Mach-O文件  
https://github.com/Tyilo/insert_dylib  
dylib injector for mach-o binaries  
https://github.com/KJCracks/yololib  
Fast iOS executable dumper  
https://github.com/KJCracks/Clutch  
Binary distribution of the libimobiledevice library for Mac OS X  
https://github.com/benvium/libimobiledevice-macosx  
python utilities related to dylib hijacking on OS X  
https://github.com/synack/DylibHijack  
OSX dylib injection  
https://github.com/scen/osxinj  
IOS IPA package refine and resign  
https://github.com/Yonsm/iPAFine  
ROP Exploitation  
https://github.com/JonathanSalwan/ROPgadget  
Class-dump any Mach-o file without extracting it from dyld_shared_cache  
https://github.com/limneos/classdump-dyld  
Scan an IPA file and parses its info.plist  
https://github.com/apperian/iOS-checkIPA  
A PoC Mach-O infector via library injection  
https://github.com/gdbinit/osx_boubou  
IOS-Headers  
https://github.com/MP0w/iOS-Headers  
Interprocess Code injection for Mac OS X  
https://github.com/rentzsch/mach_inject  
OS X Auditor is a free Mac OS X computer forensics tool  
https://github.com/jipegit/OSXAuditor  
remove PIE for osx  
https://github.com/CarinaTT/MyRemovePIE  
A TE executable format loader for IDA  
https://github.com/gdbinit/TELoader  
Mobile Security Framework    
https://github.com/ajinabraham/Mobile-Security-Framework-MobSF  
A library that enables dynamically rebinding symbols in Mach-O binaries running on iOS  
https://github.com/facebook/fishhook  
OSX and iOS related security tools  
https://github.com/ashishb/osx-and-ios-security-awesome  
Introspy-Analyzer  
https://github.com/iSECPartners/Introspy-Analyzer  
Dumps decrypted mach-o files from encrypted iPhone applications from memory to disk  
https://github.com/stefanesser/dumpdecrypted  
Simple Swift wrapper for Keychain that works on iOS and OS X  
https://github.com/kishikawakatsumi/KeychainAccess  
idb is a tool to simplify some common tasks for iOS pentesting and research  
https://github.com/dmayer/idb  
Pentesting apps using Parse as a backend  
https://github.com/igrekde/ParseRevealer  
The iOS Reverse Engineering Toolkit  
https://github.com/Vhacker/iRET  
XNU - Mac OS X kernel  
https://github.com/opensource-apple/xnu  
Code injection + payload communications for OSX  
https://github.com/mhenr18/injector  
iOS related code  
https://github.com/samdmarshall/iOS-Internals  
OSX injection tutorial: Hello World  
https://github.com/arbinger/osxinj_tut  
Reveal Loader dynamically loads libReveal.dylib (Reveal.app support) into iOS apps on jailbroken devices  
https://github.com/heardrwt/RevealLoader  
NSUserDefaults category with AES encrypt/decrypt keys and values  
https://github.com/NZN/NSUserDefaults-AESEncryptor  
Blackbox tool to disable SSL certificate validation  
https://github.com/iSECPartners/ios-ssl-kill-switch  
应用逆向工程 抽奖插件  
https://github.com/iosre/iosrelottery  
Untested iOS Tweak to hook OpenSSL functions  
https://github.com/nabla-c0d3/iOS-hook-OpenSSL  
IOS *.plist encryptor project. Protect your *.plist files from jailbroken  
https://github.com/FelipeFMMobile/ios-plist-encryptor  
Re-codesigning tool for iOS ipa file  
https://github.com/hayaq/recodesign  
Scans iPhone/iPad/iPod applications for PIE flags  
https://github.com/stefanesser/.ipa-PIE-Scanner  
xnu local privilege escalation via cve-2015-1140 IOHIDSecurePromptClient injectStringGated heap overflow | poc||gtfo  
https://github.com/kpwn/vpwn  
MachOView  
https://github.com/gdbinit/MachOView  
A cross-platform protocol library to communicate with iOS devices  
https://github.com/libimobiledevice/libimobiledevice  
WireLurkerDetector  
https://github.com/pandazheng/WireLurker  
Released in accordance with GPL licensing  
https://github.com/p0sixspwn/p0sixspwn  
xnu local privilege escalation via cve-2015  
https://github.com/kpwn/tpwn  
A simple universal memory editor (game trainer) on OSX/iOS  
https://github.com/pandazheng/HippocampHairSalon  
BinaryCookieReader源码  
https://github.com/pandazheng/BinaryCookieReader  
Tiamo's bootloader  
https://github.com/pandazheng/macosxbootloader  
incomplete ios 8.4.1 jailbreak by Kim Jong Cracks  
https://github.com/pandazheng/yalu  
Security Scanner for OSX  
https://github.com/openscanner/XGuardian  
Sample kernel extension that demonstrates how to hide from kextstat  
https://github.com/rc0r/KextHider  
Example Mac OS X kernel extension that resolves symbols from the running kernel image  
https://github.com/snare/KernelResolver  
Sample Mac OS X (Mountain Lion) kernel extension that demonstrates how to hide files by hijacking getdirentries* syscalls  
https://github.com/rc0r/FileHider  
Sample Mac OS X (Mountain Lion) kernel extension that demonstrates how to hide a process by modifying allproc and pidhashtbl  
https://github.com/rc0r/ProcessHider  
The Mach-O disassembler. Now 64bit and Xcode 6 compatible  
https://github.com/x43x61x69/otx  
A Mach-O binary codesign remover  
https://github.com/x43x61x69/codeunsign  
A Mach-O Load Command deobfuscator  
https://github.com/x43x61x69/Mach-O-Prettifier  
Very simple keylogger for self-quantifying on Mac OS X  
https://github.com/dannvix/keylogger-osx  
Manage iOS devices through iTunes lib  
https://github.com/xslim/mobileDeviceManager    
Detects the hardware, software and display of the current iOS or Mac OS X device at runtime    
https://github.com/lmirosevic/GBDeviceInfo  
Python Arsenal for Reverse Engineering    
http://pythonarsenal.com/  
A OS X crypto ransomware PoC    
https://github.com/gdbinit/gopher  
destroyer of iOS kernelcaches  
https://github.com/0xAwayy/IDA_iOS_vtab_parser  
WhatsYourSign adds a menu item to Finder.app. Simply right-, or control-click on any file to display its cryptographic signing information!  
https://github.com/objective-see/WhatsYourSign  
macOS (& ios) Artifact Parsing Tool    
https://github.com/ydkhatri/mac_apt/  
macOS forensic timeline generator using the analysis result DBs of mac_apt  
https://github.com/mnrkbys/ma2tl  
ios-hacking  
https://github.com/topics/ios-hacking  
iOS Pentesting  
https://github.com/carlospolop/hacktricks/blob/master/mobile-pentesting/ios-pentesting/README.md  
iOS Pentesting Checklist  
https://book.hacktricks.xyz/mobile-pentesting/ios-pentesting-checklist  
Run unsigned iOS app without actually installing it!  
https://github.com/khanhduytran0/LiveContainer  
IOSSecuritySuite
https://github.com/securing/IOSSecuritySuite


# 逆向分析
Ios App Extraction & Analysis  
https://voidsec.com/reverse-engineering-terminator-aka-zemana-antimalware-antilogger-driver/
  
# Apple Source Code 
https://opensource.apple.com/  
https://github.com/apple-oss-distributions

# A curated list of awesome iOS application security resources.  
https://github.com/Cy-clon3/awesome-ios-security

# Frida(Mac & IOS调试工具)  
https://codeshare.frida.re/  

# LOOBins
https://github.com/infosecB/LOOBins

# A Tool For Digging Into Binary Files on macOS
https://www.mothersruin.com/software/Archaeology/

# Darwin/macOS emulation layer for Linux
https://github.com/darlinghq/darling

# Mac Forensic Tools
A forensic evidence collection & analysis toolkit for OS X   
https://github.com/Yelp/osxcollector

# iOS Forensic Tools
MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potential compromise.    
https://github.com/mvt-project/mvt      
iOS_sysdiagnose_forensic_scripts      
https://github.com/cheeky4n6monkey/iOS_sysdiagnose_forensic_scripts    
Forensic toolkit for iOS sysdiagnose feature  
https://github.com/EC-DIGIT-CSIRC/sysdiagnose

# iOS Forensic Toolkit Tips & Tricks
https://blog.elcomsoft.com/2023/07/ios-forensic-toolkit-tips-tricks/  
https://github.com/Yelp/osxcollector

# macOS Initial Access Payload Generator
https://github.com/D00MFist/Mystikal

# iOS Penetration Testing Cheat Sheet
https://github.com/ivan-sincek/ios-penetration-testing-cheat-sheet  
MOBILE PENTESTING 101 – HOW TO SET UP YOUR IOS ENVIRONMENT
https://securitycafe.ro/2023/06/12/mobile-pentesting-101-how-to-set-up-your-ios-environment/  


# Mac Malware Samples
macOS Malware Collection  
https://github.com/objective-see/Malware

# macOS Internals
https://gist.github.com/kconner/cff08fe3e0bb857ea33b47d965b3e19f

# Mac SandBox 
https://github.com/phdphuc/mac-a-mal-cuckoo  
https://github.com/phdphuc/mac-a-mal

# Mac OS X Memory Analysis Toolkit
https://github.com/n0fate/volafox

# Open Source Tools & Mac Forensics
https://sumuri.com/open-source-tools-mac-forensics/

# A collection of resources for OSX/iOS reverse engineering
https://github.com/michalmalik/osx-re-101

# macOS (& ios) Artifact Parsing Tool
https://github.com/ydkhatri/mac_apt

# Mac Malware Samples
https://objective-see.com/malware.html#resources  

# Hunting 
Hunting for macOS attack techniques. Part 1 – Initial Access, Execution, Credential Access, Persistence  
https://speakerdeck.com/heirhabarov/hunting-for-macos-attack-techniques-part-1-initial-access-execution-credential-access-persistence

# MacOS App  
Introduction to macOS - macOS App structure  
https://github.com/yo-yo-yo-jbo/macos_app_structure


# Mac&IOS安全优秀书籍
《Hacking and Securing iOS Applications》  
《Mac OS X and iOS Internals:To the Apple’s Core》  
《OS X and iOS Kernel Programming》  
《OS X ABI Mach-O File Format》  
《The Mac Hacker’s Handbook》  
《Mac OS X Interals:A Systems Approach》  
《黑客攻防技术宝典-IOS实战篇》  
《IOS应用安全攻防实战》  
《IOS应用逆向工程》  
《IOS取证实战》  
《安全技术大系:IOS取证分析》  
《macOS软件安全与逆向分析》

# Mac&IOS安全Twitter
https://twitter.com/Technologeeks  
https://twitter.com/osxreverser  
https://twitter.com/Morpheus______  


# Mac/IOS Exploit分析文章  
CVE-2016-1749  
http://turingh.github.io/2016/04/29/CVE-2016-1749%E5%86%85%E6%A0%B8%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8CPOC%E5%88%86%E6%9E%90/ 

CVE-2016-1757  
http://googleprojectzero.blogspot.com/2016/03/race-you-to-kernel.html  
https://github.com/gdbinit/mach_race  

CVE-2016-1824  
http://marcograss.github.io/security/apple/cve/2016/05/16/cve-2016-1824-apple-iohidfamily-racecondition.html  

[IOS越狱中使用到的漏洞列表](https://www.theiphonewiki.com/wiki/Jailbreak_Exploits#Exploits_which_are_used_in_order_to_jailbreak_8.x)  



# 越狱ipsw
[ios10 ipsw](http://alliphone.com/2015/11/ios-10-download-links-ipsw.html)  
https://ipsw.me/all  
https://www.alliphone.com  
https://www.theiphonewiki.com/wiki/Firmware_Keys  
http://pastebin.com/FRMfanmT
https://www.reddit.com/r/jailbreak/comments/4nyz1p/discussion_decrypted_kernel_cache_ios_10/d48cgd7
https://www.nowsecure.com/blog/2014/04/14/ios-kernel-reversing-step-by-step/  
http://www.iphonehacks.com/download-iphone-ios-firmware  
https://github.com/pinauten/Fugu15



--------------------------------------------------
# Mac下的一些软件  
http://sqwarq.com/detectx/

# Mac下的安全软件
https://objective-see.com/products.html  



---------------------------------------------------
# Mac平台虚拟机软件UTM
https://docs.getutm.app/
https://getutm.app/
https://mac.getutm.app/
https://github.com/utmapp/UTM