
macOS Defensive Apps


Firewalls

  • Little Snitch: It monitors every connection made by each process. Depending on the mode (silently allow connections, silently deny connections, or alert), it will show you an alert every time a new connection is established. It also has a very nice GUI to view all this information.
  • LuLu: Objective-See firewall. This is a basic firewall that alerts you to suspicious connections (it has a GUI, but it isn't as fancy as Little Snitch's).

Persistence detection

  • KnockKnock: Objective-See application that searches several locations where malware could be persisting (it's a one-shot tool, not a monitoring service).
  • BlockBlock: Like KnockKnock, but it works by monitoring processes that generate persistence.

Keylogger detection

  • ReiKey: Objective-See application to find keyloggers that install keyboard "event taps".

Ransomware detection

  • RansomWhere: Objective-See application to detect file encryption actions.

Mic & Webcam detection

  • OverSight: Objective-See application to detect applications that start using the webcam and mic.

Process Injection detection

  • Shield: Application that detects different process injection techniques.