"The missing ProcMon for macOS": Mac Monitor records Endpoint Security events and displays them for analysis.

Obfuscate Go builds

List of Awesome macOS Red Teaming Resources.

If you have any questions, please open an issue.

Use "Full Disk Access" permissions to read the contents of TCC.db and display it in human-readable format

A JXA script for enumerating running processes, printed out in a json, parent-child tree.

Assorted, MIT licensed, threat hunting rules from @bradleyjkemp

A fully configurable and extendable Bash obfuscation framework. This tool is intended to help both red team and blue team.

Command line utility for inserting a dylib load command into a Mach-O binary

The Web API toolkit. 🛠

Living Off The Land Binaries And Scripts - (LOLBins and LOLScripts)

The Discretionary ACL Modification Project: Persistence Through Host-based Security Descriptor Modification

Go-deliver is a payload delivery tool coded in Go.