GitBook: [master] 3 pages modified

This commit is contained in:
CPol 2021-07-31 01:06:22 +00:00 committed by gitbook-bot
parent 67f9c47578
commit b09c4cf3e1
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
3 changed files with 21 additions and 2 deletions

@ -57,7 +57,7 @@
* [MacOS Security & Privilege Escalation](macos/macos-security-and-privilege-escalation/README.md)
* [Mac OS Protocols](macos/macos-security-and-privilege-escalation/mac-os-protocols.md)
* [Inspecting and debugging Mac OS Apps](macos/macos-security-and-privilege-escalation/inspecting-and-debugging-mac-os-apps.md)
* [Inspecting and debugging Mac OS Sotware](macos/macos-security-and-privilege-escalation/inspecting-and-debugging-mac-os-apps.md)
* [Mac OS Serial Number](macos/macos-security-and-privilege-escalation/macos-serial-number.md)
* [Mac OS Architecture](macos/macos-security-and-privilege-escalation/mac-os-architecture.md)
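Review bot: the new SUMMARY entry `* [Inspecting and debugging Mac OS Sotware](macos/.../inspecting-and-debugging-mac-os-apps.md)` misspells the title; it should read `Software`, since this text is what GitBook shows in the sidebar. Keeping the file name `inspecting-and-debugging-mac-os-apps.md` while renaming the title is fine for existing links, but the page's own H1 must use the same corrected spelling.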

@ -1,4 +1,4 @@
# Inspecting and debugging Mac OS Apps
# Inspecting and debugging Mac OS Sotware
## Static Analysis
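Review bot: the replacement heading `# Inspecting and debugging Mac OS Sotware` carries the same typo as the SUMMARY entry; change it to `Software` so the H1 and the SUMMARY.md entry agree.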
@ -9,6 +9,21 @@ otool -L /bin/ls #List dynamically linked libraries
otool -tv /bin/ps #Decompile application
```
### SuspiciousPackage
\*\*\*\*[**SuspiciousPackage**](https://mothersruin.com/software/SuspiciousPackage/get.html) is a tool useful to inspect **.pkg** files \(installers\) and see what is inside before installing it.
These installers have `preinstall` and `postinstall` bash scripts that malware authors usually abuse to **persist** **the** **malware**.
### hdiutil
This tool allows to **mount** Apple disk images \(**.dmg**\) files to inspect them before running anything:
```bash
hdiutil attach ~/Downloads/Firefox\ 58.0.2.dmg
```
It will be mounted in `/Volumes`
## Dynamic Analysis
{% hint style="warning" %}
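Review bot: the SuspiciousPackage paragraph opens with the stray escaped run `\*\*\*\*` before the link, which renders as four literal asterisks; drop it. Two accuracy points in the same hunk: `preinstall` and `postinstall` are optional scripts (any interpreter named in their shebang, not only bash) that the Installer executes, typically as root, while the package is being installed, which is the actual reason they matter for persistence, so "These installers have `preinstall` and `postinstall` bash scripts" should say "may contain ... scripts that run during installation". For the hdiutil example, show `hdiutil attach -nobrowse -readonly <image>.dmg` so the image is not auto-opened in Finder and nothing on it can be modified during inspection, and add `hdiutil detach /Volumes/<name>` for cleanup. Consider also mentioning `pkgutil --expand pkg.pkg outdir` as the command-line way to unpack a .pkg and read its Scripts directory without the GUI tool. Minor wording: "This tool allows to **mount**" reads better as "This tool **mounts**".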

@ -158,6 +158,10 @@ f = ftype(ctype(1, 1, 1, 67, '|\x00\x00GHd\x00\x00S', (None,), (), ('s',), 'stdi
f(42)
```
### Decompiling Python
Using tools like [https://www.decompiler.com/](https://www.decompiler.com/) one can decompile given compiled python code
## Builtins
* [Builtins functions of python2](https://docs.python.org/2/library/functions.html)
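Review bot: the new Decompiling Python sentence is vague about its input and silent about an operational caveat. State that the input is compiled bytecode (a `.pyc` file or a marshalled code object like the one rebuilt with `ftype(ctype(...))` just above), and note that an online service such as decompiler.com means uploading the sample to a third party, which is often unacceptable for malware or client code; name an offline alternative such as `uncompyle6` alongside it, with the caveat that decompiler support depends on the bytecode version. Also "one can decompile given compiled python code" should read "one can decompile compiled Python code".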