GitBook: [master] 3 pages modified

This commit is contained in:
CPol 2021-07-31 01:06:22 +00:00 committed by gitbook-bot
parent 67f9c47578
commit b09c4cf3e1
No known key found for this signature in database
GPG key ID: 07D2180C7B12D0FF
3 changed files with 21 additions and 2 deletions

View file

@ -57,7 +57,7 @@
* [MacOS Security & Privilege Escalation](macos/macos-security-and-privilege-escalation/README.md) * [MacOS Security & Privilege Escalation](macos/macos-security-and-privilege-escalation/README.md)
* [Mac OS Protocols](macos/macos-security-and-privilege-escalation/mac-os-protocols.md) * [Mac OS Protocols](macos/macos-security-and-privilege-escalation/mac-os-protocols.md)
* [Inspecting and debugging Mac OS Apps](macos/macos-security-and-privilege-escalation/inspecting-and-debugging-mac-os-apps.md) * [Inspecting and debugging Mac OS Sotware](macos/macos-security-and-privilege-escalation/inspecting-and-debugging-mac-os-apps.md)
* [Mac OS Serial Number](macos/macos-security-and-privilege-escalation/macos-serial-number.md) * [Mac OS Serial Number](macos/macos-security-and-privilege-escalation/macos-serial-number.md)
* [Mac OS Architecture](macos/macos-security-and-privilege-escalation/mac-os-architecture.md) * [Mac OS Architecture](macos/macos-security-and-privilege-escalation/mac-os-architecture.md)

View file

@ -1,4 +1,4 @@
# Inspecting and debugging Mac OS Apps # Inspecting and debugging Mac OS Sotware
## Static Analysis ## Static Analysis
@ -9,6 +9,21 @@ otool -L /bin/ls #List dynamically linked libraries
otool -tv /bin/ps #Decompile application otool -tv /bin/ps #Decompile application
``` ```
### SuspiciousPackage
\*\*\*\*[**SuspiciousPackage**](https://mothersruin.com/software/SuspiciousPackage/get.html) is a tool useful to inspect **.pkg** files \(installers\) and see what is inside before installing it.
These installers have `preinstall` and `postinstall` bash scripts that malware authors usually abuse to **persist** **the** **malware**.
### hdiutil
This tool allows to **mount** Apple disk images \(**.dmg**\) files to inspect them before running anything:
```bash
hdiutil attach ~/Downloads/Firefox\ 58.0.2.dmg
```
It will be mounted in `/Volumes`
## Dynamic Analysis ## Dynamic Analysis
{% hint style="warning" %} {% hint style="warning" %}

View file

@ -158,6 +158,10 @@ f = ftype(ctype(1, 1, 1, 67, '|\x00\x00GHd\x00\x00S', (None,), (), ('s',), 'stdi
f(42) f(42)
``` ```
### Decompiling Python
Using tools like [https://www.decompiler.com/](https://www.decompiler.com/) one can decompile given compiled python code
## Builtins ## Builtins
* [Builtins functions of python2](https://docs.python.org/2/library/functions.html) * [Builtins functions of python2](https://docs.python.org/2/library/functions.html)