hacktricks/macos-hardening/macos-security-and-privilege-escalation/macos-defensive-apps.md
2024-12-12 11:39:29 +01:00

3.8 KiB

macOS Defensive Apps

{% hint style="success" %} Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)

Support HackTricks
{% endhint %} {% endhint %} {% endhint %} {% endhint %} {% endhint %} {% endhint %} {% endhint %} {% endhint %} {% endhint %} {% endhint %} {% endhint %} {% endhint %} {% endhint %} {% endhint %}

Firewalls

  • Little Snitch: It will monitor every connection made by each process. Depending on the mode (silent allow connections, silent deny connection and alert) it will show you an alert every time a new connection is stablished. It also has a very nice GUI to see all this information.
  • LuLu: Objective-See firewall. This is a basic firewall that will alert you for suspicious connections (it has a GUI but it isn't as fancy as the one of Little Snitch).

Persistence detection

  • KnockKnock: Objective-See application that will search in several locations where malware could be persisting (it's a one-shot tool, not a monitoring service).
  • BlockBlock: Like KnockKnock by monitoring processes that generate persistence.

Keyloggers detection

Support HackTricks
{% endhint %} {% endhint %} {% endhint %} {% endhint %} {% endhint %} {% endhint %} {% endhint %} {% endhint %} {% endhint %} {% endhint %} {% endhint %} {% endhint %} {% endhint %} {% endhint %}